Linux gets fix for code-execution flaw that was undetected since 2009

  • 12 May 2014
Vulnerability could be particularly serious for shared Web-hosting services.
by Dan Goodin - May 12 2014, 7:30pm GMTST

Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running updated versions that contain a fix.
 
The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device.
 

1 reply

I wonder how frequent these older undiscovered bugs are? I bet Heartbleed has sent a bunch of people scurrying to do security reviews of their software.
