[Owasp-Recife] Linux gets fix for code-execution flaw that was undetected since 2009
caio.dias at owasp.org
Thu May 15 13:12:50 UTC 2014
Quanto maior o código, mais difícil é encontrar uma falha.
*Matéria em inglês:*
Maintainers of the Linux kernel have patched one of the more serious
security bugs to be disclosed in the open source operating system in recent
months. The five-year-old code-execution hole leaves computers used in
shared Web hosting services particularly vulnerable, so users and
administrators should make sure systems are running updated versions that
contain a fix.
The memory-corruption vulnerability, which was introduced in version
2.6.31-rc3, released no later than
allows unprivileged users to crash or execute malicious code on vulnerable
systems, according to the notes accompanying proof-of-concept code
available here <http://bugfuzz.com/stuff/cve-2014-0196-md.c>. The flaw
resides in the n_tty_write function controlling the Linux pseudo tty
Continue lendo em
[image: Caio Dias on about.me]
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-recife