Die-hard bug bytes Linux kernel for second time (Register)
Die-hard bug bytes Linux kernel for second time (Register)
[Security] Posted Sep 17, 2010 17:16 UTC (Fri) by corbet
The Register reports
on CVE-2010-3301, a local root vulnerability which has now been fixed - for
the second time - in the mainline kernel. "The oversight means that
untrusted users with, say, limited SSH access have a trivial means to gain
unfettered access to pretty much any 64-bit installation. Consider, too,
that the bug has been allowed to fester in the kernel for years and was
already fixed once before and we think a measured WTF is in order.
"
It's worth noting that exploits for this vulnerability have been posted.