Linux Kernel vulnerability bypasses security restrictions - Linux

This is a discussion on Linux Kernel vulnerability bypasses security restrictions - Linux ; http://www.frsirt.com/english/advisories/2008/1451 A vulnerability has been identified in Linux Kernel, which could be exploited by attackers to bypass security restrictions. This issue is caused by a race condition in the "fcntl_setlk()" function when handling locks on SMP systems, which could allow ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: Linux Kernel vulnerability bypasses security restrictions

  1. Linux Kernel vulnerability bypasses security restrictions


    http://www.frsirt.com/english/advisories/2008/1451

    A vulnerability has been identified in Linux Kernel, which could be
    exploited by attackers to bypass security restrictions. This issue is caused
    by a race condition in the "fcntl_setlk()" function when handling locks on
    SMP systems, which could allow a process that belongs to a local
    unprivileged user to gain re-ordered access to the descriptor table.





    ** Posted from http://www.teranews.com **

  2. Re: Linux Kernel vulnerability bypasses security restrictions

    In comp.os.linux.advocacy, Ezekiel

    wrote
    on Thu, 8 May 2008 10:13:16 -0400
    :
    >
    > http://www.frsirt.com/english/advisories/2008/1451
    >
    > A vulnerability has been identified in Linux Kernel, which could be
    > exploited by attackers to bypass security restrictions. This issue is caused
    > by a race condition in the "fcntl_setlk()" function when handling locks on
    > SMP systems, which could allow a process that belongs to a local
    > unprivileged user to gain re-ordered access to the descriptor table.
    >
    >


    Well, there you have it, Linux is totally worthless,
    move along now back to Windows Vista, nothing to see
    here...move along...

    Oops, forgot the gold watch on the chain. You will move
    back to Windows Vista....after I snap my fingers...

    >
    > ** Posted from http://www.teranews.com **


    --
    #191, ewill3@earthlink.net
    Windows Vista. Now in nine exciting editions. Try them all!
    ** Posted from http://www.teranews.com **

  3. Re: Linux Kernel vulnerability bypasses security restrictions

    ____/ The Ghost In The Machine on Thursday 08 May 2008 16:40 : \____

    > In comp.os.linux.advocacy, Ezekiel
    >
    > wrote
    > on Thu, 8 May 2008 10:13:16 -0400
    > :
    >>
    >> http://www.frsirt.com/english/advisories/2008/1451
    >>
    >> A vulnerability has been identified in Linux Kernel, which could be
    >> exploited by attackers to bypass security restrictions. This issue is caused
    >> by a race condition in the "fcntl_setlk()" function when handling locks on
    >> SMP systems, which could allow a process that belongs to a local
    >> unprivileged user to gain re-ordered access to the descriptor table.
    >>
    >>

    >
    > Well, there you have it, Linux is totally worthless,
    > move along now back to Windows Vista, nothing to see
    > here...move along...
    >
    > Oops, forgot the gold watch on the chain. You will move
    > back to Windows Vista....after I snap my fingers...


    Scott Douglas (pseudonym 'Ezekiel') proves Microsoft's nervousness. Not much to
    rave about, so they attack the #1 rival, according to Ballmer (Scott's boss).

    All those trolls belong in the Windows advocacy groups, not just in the
    killfile. They still take up some bandwidth and CPU cycles.

    --
    ~~ Best of wishes

    Roy S. Schestowitz | No SCO code was used to generate this sig
    http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
    Cpu(s): 24.5%us, 3.6%sy, 1.0%ni, 66.4%id, 4.2%wa, 0.3%hi, 0.1%si, 0.0%st
    http://iuron.com - semantic engine to gather information

  4. Re: Linux Kernel vulnerability bypasses security restrictions

    You love monkeys.



  5. Re: Linux Kernel vulnerability bypasses security restrictions


    "The Ghost In The Machine" wrote in message
    news:ufjbf5-l55.ln1@sirius.tg00suus7038.net...
    > In comp.os.linux.advocacy, Ezekiel
    >
    > wrote
    > on Thu, 8 May 2008 10:13:16 -0400
    > :
    >>
    >> http://www.frsirt.com/english/advisories/2008/1451
    >>
    >> A vulnerability has been identified in Linux Kernel, which could be
    >> exploited by attackers to bypass security restrictions. This issue is
    >> caused
    >> by a race condition in the "fcntl_setlk()" function when handling locks
    >> on
    >> SMP systems, which could allow a process that belongs to a local
    >> unprivileged user to gain re-ordered access to the descriptor table.
    >>
    >>

    >
    > Well, there you have it, Linux is totally worthless,
    > move along now back to Windows Vista, nothing to see
    > here...move along...


    Move along to Vista and/or XP (the more the better) only if you're against
    poverty and against iliteracy. Do it for the children.


    > Oops, forgot the gold watch on the chain. You will move
    > back to Windows Vista....after I snap my fingers...


    We're not in Kansas anymore.


    ** Posted from http://www.teranews.com **

  6. Re: Linux Kernel vulnerability bypasses security restrictions

    Ezekiel wrote:

    >
    > http://www.frsirt.com/english/advisories/2008/1451
    >
    > A vulnerability has been identified in Linux Kernel, which could be
    > exploited by attackers to bypass security restrictions. This issue is
    > caused by a race condition in the "fcntl_setlk()" function when handling
    > locks on SMP systems, which could allow a process that belongs to a local
    > unprivileged user to gain re-ordered access to the descriptor table.
    >
    >
    >
    >
    >
    > ** Posted from http://www.teranews.com **


    While it is a serious flaw, it only permits local exploitation. As such, I
    doubt that there will be an exploit before the fix is released. Now let's
    look at all the Windows Servers that were recently remotely cracked through
    an MSSQL flaw while Microsoft playing ostrich for an extended period.

    Ian

  7. Re: Linux Kernel vulnerability bypasses security restrictions

    ____/ Ian Hilliard on Friday 09 May 2008 07:17 : \____

    > Ezekiel wrote:
    >
    >>
    >> http://www.frsirt.com/english/advisories/2008/1451
    >>
    >> A vulnerability has been identified in Linux Kernel, which could be
    >> exploited by attackers to bypass security restrictions. This issue is
    >> caused by a race condition in the "fcntl_setlk()" function when handling
    >> locks on SMP systems, which could allow a process that belongs to a local
    >> unprivileged user to gain re-ordered access to the descriptor table.
    >>
    >>
    >>
    >>
    >>
    >> ** Posted from http://www.teranews.com **

    >
    > While it is a serious flaw, it only permits local exploitation. As such, I
    > doubt that there will be an exploit before the fix is released. Now let's
    > look at all the Windows Servers that were recently remotely cracked through
    > an MSSQL flaw while Microsoft playing ostrich for an extended period.
    >
    > Ian


    In the past fornight alone:

    Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection

    ,----[ Quote ]
    | A new SQL injection attack aimed at Microsoft IIS web servers has hit some
    | 500,000 websites, including the United Nations, UK Government sites and the
    | U.S. Department of Homeland Security. While the attack is not Microsoft's
    | fault, it is unique to the company's IIS server. ¬*
    `----

    http://blog.wired.com/monkeybites/20...oft-datab.html

    Microsoft warns of web server flaw

    ,----[ Quote ]
    | The company has issued an advisory on the vulnerability, which affects
    | Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows
    | ^^^^^^^^^^^^^^^^^^^^^^^^^
    | Server 2008.
    | ^^^^^^^^^^^
    |
    | [...]
    |
    | "The web server is widely used on the internet, and is a top pick by
    | web-hosting providers. We might see web-hosting providers targeted, and their
    | clients' websites breached."
    `----

    http://www.vnunet.com/vnunet/news/22...rns-web-server

    HTH.

    --
    ~~ Best of wishes

    Roy S. Schestowitz | Run a Linux server, sit on your hands all day
    http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
    Swap: 1510068k total, 646812k used, 863256k free, 36016k cached
    http://iuron.com - next generation of search paradigms

  8. Re: Linux Kernel vulnerability bypasses security restrictions


    "Ian Hilliard" wrote in message
    news:1210313779.641254@angel.amnet.net.au...
    > Ezekiel wrote:
    >
    >>
    >> http://www.frsirt.com/english/advisories/2008/1451
    >>
    >> A vulnerability has been identified in Linux Kernel, which could be
    >> exploited by attackers to bypass security restrictions. This issue is
    >> caused by a race condition in the "fcntl_setlk()" function when handling
    >> locks on SMP systems, which could allow a process that belongs to a
    >> local
    >> unprivileged user to gain re-ordered access to the descriptor table.
    >>
    >>
    >>
    >>
    >>
    >> ** Posted from http://www.teranews.com **

    >
    > While it is a serious flaw, it only permits local exploitation. As such,
    > I
    > doubt that there will be an exploit before the fix is released. Now let's
    > look at all the Windows Servers that were recently remotely cracked
    > through
    > an MSSQL flaw while Microsoft playing ostrich for an extended period.


    This sounds like the same flaw that resulted in Roy Schestowitz's website
    (www.schestowitz.com) getting hacked where every page was infested with a
    trojan. Are you sure you have the right OS or does Schestowitz run Windows
    much the same way he uses Microsoft software to dress up his resume?



    ** Posted from http://www.teranews.com **

+ Reply to Thread