[Owasp-Recife] Linux gets fix for code-execution flaw that was undetected since 2009

Caio Dias caio.dias at owasp.org
Thu May 15 13:12:50 UTC 2014

Quanto maior o código, mais difícil é encontrar uma falha.

*Matéria em inglês:*

Maintainers of the Linux kernel have patched one of the more serious
security bugs to be disclosed in the open source operating system in recent
months. The five-year-old code-execution hole leaves computers used in
shared Web hosting services particularly vulnerable, so users and
administrators should make sure systems are running updated versions that
contain a fix.

The memory-corruption vulnerability, which was introduced in version
2.6.31-rc3, released no later than
allows unprivileged users to crash or execute malicious code on vulnerable
systems, according to the notes accompanying proof-of-concept code
available here <http://bugfuzz.com/stuff/cve-2014-0196-md.c>. The flaw
resides in the n_tty_write function controlling the Linux pseudo tty

Continue lendo em


[image: Caio Dias on about.me]

Caio Dias

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-recife/attachments/20140515/0758af3c/attachment.html>

More information about the Owasp-recife mailing list