For all you Linux users who thumb your noses at Microsoft's history of vulnerability and large attack surface, prepare to fend off some attackers of your own.
Brad Spengler released the Linux exploit's source code last week, indicating that it exploits a vulnerability in at least two Linux versions - 2.6.30 and 2.6.18, both 32-bit and 64-bit.
The scary part of this flaw is that it gets around a null pointer protection in the mainline Linux kernel, so if successfully exploited, the attacker could gain root access. Game over.
Red Hat Enterprise Linux 5 uses on of the vulnerable versions - 2.6.18.
According to Spengler, the workaround would be for Linux admins to compile the kernel with fno-delete-null-pointer-checks.
SANS has more.
No comments:
Post a Comment
Please tell me what you think.