ID: IRCNE2012011384
Date: 2012-01-25
According to “ComputerWorld”, Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system.
The vulnerability, which is identified as CVE-2012-0056, is caused by a failure of the Linux kernel to properly restrict access to the "/proc//mem" file.
According to Carsten Eiram, the chief security specialist at vulnerability research firm Secunia, the flaw was introduced in the Linux kernel code in March 2011 and affects versions 2.6.39 and above. "Any Linux distributions providing these kernel versions should be vulnerable," Eiram said.
Linus Torvalds submitted a patch on the official Linux kernel repository on Jan. 17, but before Linux vendors had a chance to apply it for their distributions, proof-of-concept exploit code already appeared online.
Ubuntu and Red Hat have already released patches to address this vulnerability and other vendors are expected to follow in their footsteps soon. "We recommend that system administrators apply these patches," Eiram said.
- 3