Language Selection

English French German Italian Portuguese Spanish

Critical Linux vulnerability imperils users, even after “silent” fix

Filed under
Linux
Security

For years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine.

rest here




More in Tux Machines

Deepin 2014.3 at a Glance

Deepin, the Chinese Linux distribution, has previously been covered on MTE. In the two years that passed, Deepin has evolved both visually and in functionality, beyond expectations. Read more

Ubuntu Spotted in Google's Futuristic "Project Soli" Promo

Time and again, Ubuntu keeps popping up whenever there's some Google product launch. Remember Google's Project Tango or that bit of news about the use of a 'lightly custmozied Ubuntu' in Google's Driverless Car project? Given its widespread use inside Google, it's no surprise than Google is an Ubuntu Advantage Customer. Read more

Sourceforge Hijacking Projects to Deliver Malware

It's been a crazy few days in Linuxville to be sure. Sourceforge is accused of locking out GIMP developers and inserting malware into the application for users to download. Scott Dowdle spotted a "GNOME versus KDE" in MR. ROBOT and Ubuntu was seen in a Google promotional video. David Both shows users how to use Konqueror and Attila Orosz takes a look at Deepin 2014.3. And finally, is the Bling factor in Linux doomed? Read more

Video: GNOME vs. KDE on USA's "MR. ROBOT"