Linux gets fix for flaw that threatens security of shared Web hosts

  • 5 June 2014


Privilege escalation bug lets untrusted users wrest control of vulnerable systems.

by Dan Goodin - June 5 2014
 
 
The Linux operating system kernel has been patched against yet another flaw that leaves servers in some shared Web hosting environments susceptible to hijacking.
The vulnerability, formally cataloged as CVE-2014-3153, is located in the futex subsystem of Linux, according to an advisory published Thursday by Debian, a distributor of the open source OS. The flaw allows untrusted users with unprivileged system access to escalate their control. From there, they can crash the system or do other nefarious things, including possibly executing malicious code.
"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," the advisory stated. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."
 
Full Article

1 reply

By paganinip on June 7th, 2014
 

A new series of vulnerabilities in the Linux kernel allows an attacker to carry out DoS and privilege escalation attacks; Debian urges upgrades for Linux users.

Numerous security flaws have been discovered and fixed in the Linux kernel; patch management for these vulnerabilities is critical to prevent attackers from causing a denial of service or privilege escalation.
Debian yesterday issued a new security update to warn its Linux users about the presence of new vulnerabilities that could be exploited for the above reasons. The vulnerabilities are:

  • CVE-2014-3144
  • CVE-2014-3145
  • CVE-2014-3153
 
Full Article
