____/ Ian Hilliard on Friday 09 May 2008 07:17 : \____
> Ezekiel wrote:
>
>>
>> http://www.frsirt.com/english/advisories/2008/1451
>>
>> A vulnerability has been identified in Linux Kernel, which could be
>> exploited by attackers to bypass security restrictions. This issue is
>> caused by a race condition in the "fcntl_setlk()" function when handling
>> locks on SMP systems, which could allow a process that belongs to a local
>> unprivileged user to gain re-ordered access to the descriptor table.
>
> While it is a serious flaw, it only permits local exploitation. As such, I
> doubt that there will be an exploit before the fix is released. Now let's
> look at all the Windows Servers that were recently remotely cracked through
> an MSSQL flaw while Microsoft was playing ostrich for an extended period.
>
> Ian
In the past fortnight alone:
Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection
,----[ Quote ]
| A new SQL injection attack aimed at Microsoft IIS web servers has hit some
| 500,000 websites, including the United Nations, UK Government sites and the
| U.S. Department of Homeland Security. While the attack is not Microsoft's
| fault, it is unique to the company's IIS server.
`----
http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html
Microsoft warns of web server flaw
,----[ Quote ]
| The company has issued an advisory on the vulnerability, which affects
| Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows
| ^^^^^^^^^^^^^^^^^^^^^^^^^
| Server 2008.
| ^^^^^^^^^^^
|
| [...]
|
| "The web server is widely used on the internet, and is a top pick by
| web-hosting providers. We might see web-hosting providers targeted, and their
| clients' websites breached."
`----
http://www.vnunet.com/vnunet/news/2214722/microsoft-warns-web-server
HTH.
--
~~ Best of wishes
Roy S. Schestowitz | Run a Linux server, sit on your hands all day
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1510068k total, 646812k used, 863256k free, 36016k cached
http://iuron.com - next generation of search paradigms