[LUG.ro] Security problem in almost all GNU/Linux distros

"Sebastián D. Criado" sebastian.criado at gmail.com
Wed Nov 4 20:37:58 ARST 2009


There is a null pointer dereference bug that would allow gaining 
root privileges. The bug would be fixed in version 2.6.32.

--
Red Midnight and other readers brought to our attention a bug in most 
deployed versions of Linux that could result in untrusted users getting 
root access. The bug was found by Brad Spengler last month. "The null 
pointer dereference flaw was only fixed in the upcoming 2.6.32 release 
candidate of the Linux kernel, making virtually all production versions 
in use at the moment vulnerable. While attacks can be prevented by 
implementing a common feature known as mmap_min_addr, the RHEL 
distribution... doesn't properly implement that protection... The... bug 
is mitigated by default on most Linux distributions, thanks to their 
correct implementation of the mmap_min_addr feature. ... [Spengler] said 
many other Linux users are also vulnerable because they run older 
versions or are forced to turn off [mmap_min_addr] to run certain types 
of applications." The Register reprints a dialog from the OpenBSD-misc 
mailing list in which Theo de Raadt says, "For the record, this 
particular problem was resolved in OpenBSD a while back, in 2008. We are 
not super proud of the solution, but it is what seems best faced with a 
stupid Intel architectural choice. However, it seems that everyone else 
is slowly coming around to the same solution."
----

http://linux.slashdot.org/story/09/11/04/0320254/Bug-In-Most-Linuxes-Can-Give-Untrusted-Users-Root


Regards.-
-- 
Sebastian.Criado at gmail.com - GPG: 1024D/7D98DF14
37E4 246A F17B 689F 9F2D|counter.li.org: #146768
0578 B1AA 8CDB 7D98 DF14|http://www.lugro.org.ar
http://noalamatricula.wordpress.com/about/ read!
"If the Universe were a program it would be written
in C, and it would run on a UNIX system" Anonymous.
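
The quoted summary names mmap_min_addr as the mitigation and notes that some systems turn it off. The script below is an added example, not part of the original post or the quoted article: it reports the running value and any sysctl configuration file that sets it. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Classify one vm.mmap_min_addr value: 0 turns the protection off.
classify_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$1" -eq 0 ]; then echo disabled; else echo enabled; fi ;;
    esac
}

# Read sysctl.conf-style text on stdin and print the last value assigned to
# vm.mmap_min_addr (later lines override earlier ones); print nothing if unset.
last_setting() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            gsub("/", ".", key)                 # sysctl also accepts vm/mmap_min_addr
            if (key == "vm.mmap_min_addr") last = val
        }
        END { if (last != "") print last }'
}

# Constructed sample: a default that is later overridden to 0 for an application.
sample_conf() {
    cat <<'EOF'
# constructed sample, not from a real host
vm.mmap_min_addr = 65536
; override added for a legacy application
vm/mmap_min_addr=0
EOF
}

# Report the running kernel's value and each config file that sets the key.
audit_host() {
    if [ -r /proc/sys/vm/mmap_min_addr ]; then
        v=$(cat /proc/sys/vm/mmap_min_addr)
        echo "runtime: $v ($(classify_min_addr "$v"))"
    fi
    for f in /etc/sysctl.conf /etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        v=$(last_setting < "$f")
        if [ -n "$v" ]; then echo "$f: $v ($(classify_min_addr "$v"))"; fi
    done
}

# With --host, audit this machine; otherwise classify the constructed sample.
if [ "${1:-}" = "--host" ]; then audit_host; else classify_min_addr "$(sample_conf | last_setting)"; fi
```

Run with `--host` on the machine being checked; a "disabled" line means the setting is 0 there.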


