Monday, February 18, 2013

In the Linux kernel found local vulnerability

There is evidence about the discovery in the Linux kernel vulnerability (CVE-2013-0871) in the subsystem PTRACE, which can be exploited by a local attacker to execute code in the kernel.

To demonstrate the potential for exploitation of the vulnerability exploited by a prototype for the sheer work that requires small changes to the core, simplifying manifestation of the race when called with a parameter ptrace PTRACE_SETREGS.

How realistic is operated under normal conditions the problem and the circumstances that may contribute to the fact it is not clear yet is considered to be attacked only in theory. However, it is possible that the problem is one of the most dangerous vulnerabilities in the kernel in the past few years.

If the mainline kernel silently corrected the problem about a month ago, for the nuclei of many distributions of the problem may be in the nature uncorrected 0-day vulnerability. Of the obscure moments while also says exposure to the problem of hardware architectures (currently known that the problem is subject to x86_64 architecture).


No comments:

Post a Comment