Saturday, September 18, 2010

Linux: Root Exploit Briefly Closed Finally Resolved

Security Alert - Upgrade Linux Systems Again...

Another Linux root exploit found last decade, briefly closed for a few months, has finally been closed.

The Linux kernel has been purged of a bug that gave root access to untrusted users – again.

The vulnerability in a component of the operating system that translates values from 64 bits to 32 bits (and vice versa) was fixed once before – in 2007 with the release of version But several months later, developers inadvertently rolled back the change, once again leaving the OS open to attacks that allow unprivileged users to gain full root access.

There are a lot of production systems which have been compromised by this defect over the past half-decade.

Network Management

Let's hope that affected systems are not runnning mission critical systems in your managed services environment that connect to tens of thousands of customer devices in a Network Management environment. It means another hit on availability and taking down the systems for yet another upgrade.

No comments:

Post a Comment