Die-hard bug bytes Linux kernel for second time

Die-hard bug bytes Linux kernel for second time
Die-hard bug bytes Linux kernel for second time

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Dan Goodin in San Francisco
The Register
15th September 2010

The Linux kernel has been purged of a bug that gave root access to 
untrusted users =E2=80=93 again.

The vulnerability in a component of the operating system that translates 
values from 64 bits to 32 bits (and vice versa) was fixed once before =E2=80=93 
in 2007 with the release of version But several months later, 
developers inadvertently rolled back the change, once again leaving the 
OS open to attacks that allow unprivileged users to gain full root 

The bug was originally discovered by the late hacker Wojciech "cliph" 
Purczynski. But Ben Hawkes, the researcher who discovered the kernel 
regression bug, said here that he grew suspicious when he recently began 
tinkering under the hood of the open-source OS and saw signs the flaw 
was still active.

=E2=80=9CI showed this to my friend Robert Swiecki who had written an exploit 
for the original bug in 2007, and he immediately said something along 
the lines of 'well this is interesting,'=E2=80=9D Hawkes wrote. =E2=80=9CWe pulled up 
his old exploit from 2007, and with a few minor modifications to the 
privilege escalation code, we had a root shell.=E2=80=9D


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Subscribe to InfoSec News - 


Site design & layout copyright © 1986-2014 CodeGods