Local root exploit sends people mad as a brush…

The last few days have seen a healthy batch of flapping turkeys on the usual discussion channels. It all started following the discovery of an exploit which allows users to gain “root” or administrator privileges on a system. Fair enough, its bad to find something that has been been around for over a year and a half but only Secunia, who I have linked to above, seem to have an “Everyone keep calm” approach.

Here’s why: Its only a local exploit – you need to be sat in front of the computer.

I also compiled and ran the code (for fun). It failed the first time round. The second time it gave me root, then locked up my system solid.

Lastly, a patch has been posted, merged and I’m running it within a couple of days of the problem rearing its ugly head. If anyone wants to know what caused the problem, here is the one line of change:

– if (unlikely(!base))
+ if (!access_ok(VERIFY_READ, base, len))

So I’m not overly concerned.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s