Language Selection

English French German Italian Portuguese Spanish

Critical Linux vulnerability imperils users, even after “silent” fix

Filed under
Linux
Security

For years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine.

rest here




More in Tux Machines

The Internet Without Connection, Free Endless OS For Emerging Markets

There are four billion people on the planet without PCs or access to affordable personal computers. That figure should surely be tempered with some contextualization i.e. not everybody actually wants to have an Internet connection and many traditional, native or bucolic ways of live do still exist on the planet. Regardless, there are a batch of global initiatives in existence which seek to give computer access to every man, woman and especially child. Endless OS is one such project. The free operating system has been designed explicitly to work in the expensive or restrictive Internet data conditions that often exist in emerging markets where fabulously affordable broadband has yet to arrive. The software itself is built to provide useful information and educational content, with or without an Internet connection. Read more