| Red Hat, Ubuntu, and Arch Linux patch Linux kernel exploit |
Jan. 25, 2012
 Canonical, Red Hat, and Arch Linux have released patches that fix a vulnerability in Linux kernels 2.6.39 and above that enable attackers to gain system root access. The distro patches followed a kernel patch to fix the vulnerability, but proof-of-concept exploit code examples have already been posted.
A kernel patch submitted on Jan. 17 by Linux overseer Linus Torvalds designed to repair a privilege escalation vulnerability quickly spawned the publication of proof-of-concept exploit code. The patch was publicized before Linux distro projects had time to apply their own patches -- leaving any distro with Linux kernels 2.6.39 and above vulnerable to root access exploits.
Since then, Canonical (Ubuntu), Red Hat, and the Arch Linux team moved quickly to release their respective distro patches to address the problem, but other distros remain vulnerable.
When Torvalds announced the submission of the patch on the Linux kernel.org repository, hackers quickly pounced on the newly available information about CVE-2012-0056 before the Linux distribution vendors had a chance to apply a patch. On Jan. 22, security researcher and programmer Jason A. Donenfeld posted a proof-of-concept exploit called "mempodipper," and then published an in-depth technical overview.
Donenfield's explanation inspired other hackers to post additional exploits, according to Constantin. These were said to include an exploit from iPhone jailbreak specialist ("Cydia") Jay Freeman, also known as "saurik." Freeman quickly posted a mempodipper-derived local root exploit for Android 4.0 called mempodroid.
For the full story, see our report on LinuxDevices.
Related Stories:
(Click here for further information)
|
|
|
|
|
|
|
|
