Red Hat, Ubuntu, and Arch Linux patch Linux kernel exploit
Jan. 25, 2012

Canonical, Red Hat, and Arch Linux have released patches that fix a vulnerability in Linux kernels 2.6.39 and above that enables attackers to gain system root access. The distro patches followed a kernel patch to fix the vulnerability, but proof-of-concept exploit code examples have already been posted.

A kernel patch submitted on Jan. 17 by Linux overseer Linus Torvalds designed to repair a privilege escalation vulnerability quickly spawned the publication of proof-of-concept exploit code. The patch was publicized before Linux distro projects had time to apply their own patches -- leaving any distro with Linux kernels 2.6.39 and above vulnerable to root access exploits.

Since then, Canonical (Ubuntu), Red Hat, and the Arch Linux team have moved quickly to release their respective distro patches to address the problem, but other distros remain vulnerable.

When Torvalds announced the submission of the patch on the Linux repository, hackers quickly pounced on the newly available information about CVE-2012-0056 before the Linux distribution vendors had a chance to apply a patch. On Jan. 22, security researcher and programmer Jason A. Donenfeld posted a proof-of-concept exploit called "mempodipper," and then published an in-depth technical overview.

Donenfeld's explanation inspired other hackers to post additional exploits, according to Constantin. These were said to include an exploit from iPhone jailbreak specialist ("Cydia") Jay Freeman, also known as "saurik." Freeman quickly posted a mempodipper-derived local root exploit for Android 4.0 called mempodroid.

For the full story, see our report on LinuxDevices.
