Erodov.com Forums | India's Top Technology forum.
Loading

navigation start navigation end
Go Back   Erodov.com Forums | India's Top Technology forum. > Lounge > Interesting News on the Web
Register Forgot Password?

 
 
Thread Tools Search this Thread
Old 25-01-12   #1
Unelected
Administrator
Meum pactum dictum
 
 
vijayninel's Avatar
Rig Gallery
Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge




Linux users shocked as a privilege escalation vulnerability
in the Linux kernel allows attackers to gain root access
Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system.

The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the "/proc/<pid>/mem" file.

According to Carsten Eiram, the chief security specialist at vulnerability research firm Secunia, the flaw was introduced in the Linux kernel code in March 2011 and affects versions 2.6.39 and above. "Any Linux distributions providing these kernel versions should be vulnerable," Eiram said.

Linus Torvalds submitted a patch on the official Linux kernel repository on Jan. 17, but before Linux vendors had a chance to apply it for their distributions, proof-of-concept exploit code already appeared online.

One of the most complete exploits for CVE-2012-0056 is called mempodipper and was written by security researcher and programmer Jason A. Donenfeld. Mempodipper works around various factors that could limit the impact of this vulnerability in Linux distributions like Fedora or Gentoo.

Ubuntu and Red Hat have already released patches to address this vulnerability and other vendors are expected to follow in their footsteps soon. "We recommend that system administrators apply these patches," Eiram said.

Donenfeld published a detailed article about how the vulnerability can be exploited on his blog on Sunday, which served as inspiration for other exploit writers. One of them was Jay Freeman, better known online as saurik, the creator of the Cydia app store for jailbroken iPhones, iPads and other iOS devices.

Freeman used Donenfeld's instructions to create a local root exploit for Android 4.0 (Ice Cream Sandwich), which he dubbed mempodroid. Several members of the XDA Developers community already confirmed that the exploit works, but advised users who are not familiar with adb shell to wait for a simpler implementation.

Samsung Galaxy Nexus and ASUS Transformer Prime are the only devices that run Android 4.0 at this time, and the Galaxy Nexus has built-in rooting capabilities. However, mempodroid might open the door for rooting other devices that will eventually get updated to Ice Cream Sandwich.

"While Android itself is open, many of the devices that use it are not, and the Transformer Prime has a locked bootloader, making exploits such as this required to install custom software," Freeman said in the exploit's release notes.
__________________
Living in water and being an enemy of the crocodile is not good. - Proverb
vijayninel is offline   Reply With Quote
Old 25-01-12   #2
Jason Bourne
Community Moderator
Mushtakhanda !!!
 
 
ManISinJpr's Avatar

 
Join Date: Nov 2008
Location: Look back, Look in the fr
Posts: 21,838
ManISinJpr is extremely Noble
ManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely NobleManISinJpr is extremely Noble
Re: Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge

ODI !! BABA !!!
That is not possible.. it is the end of thw world as we know it !!!
__________________






ManISinJpr is offline   Reply With Quote
Post New Thread  Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
New Kernel Patch to Improve Power Consumption for Linux initpidzero Open Source 3 25-11-11 06:25 PM
Indian IT Vendors Bet on Windows 7 vijayninel Interesting News on the Web 13 25-10-09 12:05 AM
Laptop issues: escalation to CORE baba doga Everything Under the Sun 81 07-05-09 02:20 PM
DISC: Suggestion for Registered Vendors Jinu Feedback and Test Drive 3 26-01-09 10:52 AM
Adobe's new CS4 finally exploits the true power of graphics cards SidK!! Graphics Cards 3 02-10-08 01:23 PM


Tags
emerge, escalation, exploits, flaw, linux, patch, privilege, root, rush, vendors
All times are GMT +5.5. The time now is 09:51 AM.
Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.6.0 PL2 ©2011, Crawlability, Inc.