Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com
Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

 










Current Newswire:

Time Drive - A User friendly Utility for Back Up your Files Under Ubuntu

mutter 3.3.5 Released

Nine Rules for Designing a Linux Desktop

Fedora 17 Is Still Trying For Btrfs By Default

RIP Compiz

Thoughts about Kubuntu's Status, Canonical, and your distribution's sponsors

SECURITY: How To Set Up A TOR Middlebox Routing All VirtualBox Virtual Machine Traffic Over TOR

Sabayon Linux 8 Released

Running Simple Groupware On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.10

Introducing Comice OS 4: Mac-Looking Linux



Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume
:Kernel space: The vmsplice() Exploit
Kernel space: The vmsplice() Exploit
Feb 20, 2008, 16 :00 UTC (8 Talkback[s]) (6825 reads)
(Other stories by Jonathan Corbet)

"As this is being written, distributors are working quickly to ship kernel updates fixing the local root vulnerabilities in the vmsplice() system call. Unlike a number of other recent vulnerabilities which have required special situations (such as the presence of specific hardware) to exploit, these vulnerabilities are trivially exploited and the code to do so is circulating on the net. The author found himself wondering how such a wide hole could find its way into the core kernel code, so he set himself the task of figuring out just what was going on - a task which took rather longer than he had expected.

"The splice() system call, remember, is a mechanism for creating data flow plumbing within the kernel..."

Complete Story

Related Stories:
Linux Kernel Hole Exploited, Despite Patch Release(Feb 14, 2008)
Patching CVE-2008-0600, Local Root Exploit(Feb 12, 2008)
Linux Kernel "vmsplice()" System Call Vulnerabilities(Feb 11, 2008)


Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat  
  Talkback(s) Name  and Date
In my not completely humble opinion, it ...   I disagree with the 'sloppiness' comment.   
Rainer Weikusat
Feb 20, 2008, 16:56:44  
So you think it is better for every rout ...   RE: I disagree with the 'sloppiness' comme   
Stephen Clark
Feb 20, 2008, 21:22:18  
> In my not completely humble opinion, i ...   Re: I disagree with the 'sloppiness' comme   
Wogster
Feb 20, 2008, 23:03:00  
If you read the article, you learn also ...   Re: Sloppiness   
Yim
Feb 21, 2008, 00:58:42  
> > In my not completely humble opinion, ...   Re: Re: I disagree with the 'sloppiness' c   
Rainer Weikusat
Feb 21, 2008, 07:25:35  
> So you think it is better for every ro ...   Re: RE: I disagree with the 'sloppiness' c   
Rainer Weikusat
Feb 21, 2008, 07:38:19  
> So, your idea is that the people to bl ...   Re: Re: Re: I disagree with the 'sloppiness   
blackhole
Feb 21, 2008, 17:24:39  
> > So, your idea is that the people to ...   Re: Re: Re: Re: I disagree with the 'sloppines   
Rainer Weikusat
Feb 21, 2008, 18:28:12  
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!

..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP