[Owasp-Recife] Linux gets fix for code-execution flaw that was undetected since 2009

Caio Dias caio.dias at owasp.org
Thu May 15 13:12:50 UTC 2014


The larger the codebase, the harder it is to find a flaw.

*Article in English:*

Maintainers of the Linux kernel have patched one of the more serious
security bugs to be disclosed in the open source operating system in recent
months. The five-year-old code-execution hole leaves computers used in
shared Web hosting services particularly vulnerable, so users and
administrators should make sure systems are running updated versions that
contain a fix.

The memory-corruption vulnerability, which was introduced in version
2.6.31-rc3, released no later than 2009
<https://www.linux.com/news/software/linux-kernel/44382-linux-2631-released>,
allows unprivileged users to crash or execute malicious code on vulnerable
systems, according to the notes accompanying proof-of-concept code
available here <http://bugfuzz.com/stuff/cve-2014-0196-md.c>. The flaw
resides in the n_tty_write function controlling the Linux pseudo tty
device <http://linux.die.net/man/7/pty>.

Continue reading at
http://arstechnica.com/security/2014/05/linux-gets-fix-for-code-execution-flaw-that-went-unpatched-since-2009/

-- 

Caio Dias
about.me/caiodias
