Story 2014-05-16 3KT Patch out for Dangerous Linux Kernel Vulnerability

Patch out for Dangerous Linux Kernel Vulnerability

by
in linux on (#3KT)
Get ready to start your updating tool: a serious vulnerability in the Linux kernel has just been identified. Threatpost describes it:
The bug appears to be a memory corruption vulnerability that could be exploited to execute code. The National Vulnerability Database describes it as follows: "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."
Happily, this being Linux, the vulnerability has been fixed. No word if Android and other projects that use the Linux kernel are also affected. To be safe, stay in your basement with the lights out and your modem/router and all phones turned off, unplugged, and buried in a pot of marmalade.

Local exploits (Score: 5, Interesting)

by alioth@pipedot.org on 2014-05-16 09:36 (#1N9)

Also don't think you can blow it off because it's "only a local exploit". All it takes is a (otherwise fairly harmless if the kernel bug was not there) vulnerability in something else that could give an attacker an avenue to get to a local exploit remotely. It happened to me a few years ago. Fortunately, when the attacker did hit my server (via a buggy PHP application), I had actually patched the kernel vulnerability they tried to exploit so they got nowhere (but left some evidence as to who they were).