#1
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation.
Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot.
Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system."
This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination.
The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine.
Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately.
Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
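Added example, not part of the original post or the quoted article: because Red Hat's warning concerns SUID (or otherwise privileged) PIE binaries, one way to gauge exposure on an unpatched host is to inventory setuid/setgid files that are PIEs. The sketch below parses the ELF header directly; the function names, the scanned directories and the sample header are constructed for illustration, "PIE" is approximated as `ET_DYN` with a `PT_INTERP` segment, and binaries privileged through file capabilities are not covered.

```python
import os
import stat
import struct

ET_DYN = 3     # e_type used by shared objects and PIE executables
PT_INTERP = 3  # program header that names the dynamic loader

def is_pie(image: bytes) -> bool:
    """Heuristic: ET_DYN plus a PT_INTERP segment is a dynamically linked PIE."""
    if len(image) < 64 or image[:4] != b"\x7fELF":
        return False
    ei_class, ei_data = image[4], image[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return False
    end = "<" if ei_data == 1 else ">"
    if struct.unpack_from(end + "H", image, 16)[0] != ET_DYN:
        return False
    if ei_class == 2:  # ELF64 header layout
        phoff = struct.unpack_from(end + "Q", image, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", image, 54)
    else:              # ELF32 header layout
        phoff = struct.unpack_from(end + "I", image, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", image, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(image):
            break  # program headers lie beyond the bytes we were given
        if struct.unpack_from(end + "I", image, off)[0] == PT_INTERP:
            return True
    return False

def privileged_pie_binaries(roots):
    """Return sorted paths of setuid/setgid regular files under roots that are PIEs."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode
                    if not stat.S_ISREG(mode):
                        continue
                    if not mode & (stat.S_ISUID | stat.S_ISGID):
                        continue
                    with open(path, "rb") as fh:
                        # Program headers normally sit right after the ELF header.
                        if is_pie(fh.read(4096)):
                            hits.append(path)
                except OSError:
                    continue  # unreadable or vanished file
    return sorted(hits)

def build_sample_elf64(e_type: int, with_interp: bool) -> bytes:
    """Constructed sample: minimal little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = PT_INTERP if with_interp else 1  # 1 = PT_LOAD
    return header + struct.pack("<IIQQQQQQ", p_type, 0, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    # Directories are an assumption; adjust to the filesystems you care about.
    for path in privileged_pie_binaries(["/usr/bin", "/usr/sbin", "/bin", "/sbin"]):
        print(path)
```

The resulting list is only an exposure inventory; the remedy stated in the article remains installing the patched kernel and rebooting.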
#2
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot. Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system." This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination. The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine. Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately. Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
#3
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot. Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system." This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination. The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine. Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately. Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
#4
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
In article
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot. Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system." This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination. The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine. Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately. Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
You know Peter. He's always years ahead of everyone else.
#5
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
In article
Peter Köhlmann wrote:
Anonymous Remailer (austria) wrote:
Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
What part of theregister.co.uk escaped you? Yeesh. Linux hobbyists can't read.
#6
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot. Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system." This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination. The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine. Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately. Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
#7
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
Peter Köhlmann wrote this copyrighted missive and expects royalties:
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot.
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
And it applies to a freakin' old kernel, 3.10.0. My Debian Sid is at 4.14.0 right now.
--
Beware of a tall black man with one blond shoe.
#8
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
Chris Ahlstrom wrote:
Peter Köhlmann wrote this copyrighted missive and expects royalties:
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot.
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
And it applies to a freakin' old kernel, 3.10.0. My Debian Sid is at 4.14.0 right now.
That is the problem with our resident wintendo lusers and Macretards: They all combined have less IQ than a decaying maggot
#9
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
In article
Peter Köhlmann wrote:
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot. Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system." This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination. The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine. Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately. Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
Look at the date of the CVE, idiot. Obviously it wasn't fixed in 2015 if it was reported in 2017, idiot.
https://access.redhat.com/security/cve/cve-2017-1000253
#10
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
In article
Peter Köhlmann wrote:
Chris Ahlstrom wrote:
Peter Köhlmann wrote this copyrighted missive and expects royalties:
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot.
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
And it applies to a freakin' old kernel, 3.10.0. My Debian Sid is at 4.14.0 right now.
That is the problem with our resident wintendo lusers and Macretards: They all combined have less IQ than a decaying maggot
They're both still collectively smarter than all linux users combined, living and dead. So where does that leave us?
#11
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
In article
Chris Ahlstrom wrote:
Peter Köhlmann wrote this copyrighted missive and expects royalties:
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot.
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
And it applies to a freakin' old kernel, 3.10.0. My Debian Sid is at 4.14.0 right now.
Another weiner who can't read and comprehend.
https://access.redhat.com/security/cve/cve-2017-1000253
#12
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
It was Mon, 11 Dec 2017 20:34:16 +0000, when Good Guy wrote:
On 11/12/2017 20:00, Peter Köhlmann wrote:
Chris Ahlstrom wrote:
Please take away this crap from Windows 10 as it has nothing to do with Windows 10. Thank you for your cooperation and understanding this
I DO understand this!!!!! The OP, apparent wintard troll "Anonymous Remailer (austria)", posted his crap to:
- alt.privacy.anon-server
- alt.comp.os.windows-10
- comp.os.linux.advocacy
Then *you*, confirmed punk and wintard troll "Good Guy", jumped into the thread, snipped Peter Köhlmann's info...
"This kernel vulnerability was fixed in April 2015 And it applies to a freakin' old kernel, 3.10.0. My Debian Sid is at 4.14.0 right now."
And redirected it here to alt.os.linux
--
With Linux powering ALL of the world's TOP 500 Supercomputers, satisfaction is at an all-time high!
#13
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
In article
Nomen Nescio wrote:
In article Peter Köhlmann wrote:
Anonymous wrote:
Anonymous Remailer (austria) wrote:
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation. Red Hat and Debian are among Linux distros affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys. Red Hat's advisory is here. Debian's list of affected releases – which have largely already been fixed – can be found here. Just run your usual package management tools to install the patched kernels and reboot. Red Hat warned: "An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system." This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded systems running Red Hat may also need updating. The Linux distro rates attack complexity as "low" but impact "high" – always a bad combination. The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine. Patching is straightforward, in this case, but deployment is the "hard" part as it'll involve a reboot. The vulnerability is nasty but it'd be a whole lot worse if it were remotely triggered, kinda like ShellShock and its ilk. This flaw does not fall into that category, fortunately. Sysadmins are nonetheless advised to review the security of their systems and patch or at least mitigate against the vulnerability at their earliest opportunity. ®
https://www.theregister.co.uk/2017/0...x_kernel_vuln/
This kernel vulnerability was fixed in April 2015
In short, your post is completely idiotic
Note the date on the theregister article.
Note the date of the fix. Idiot
Look at the date of the CVE, idiot. Obviously it wasn't fixed in 2015 if it was reported in 2017, idiot.
https://access.redhat.com/security/cve/cve-2017-1000253
Yeah, idiot!
#14
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
On 12/12/17 09:26, Cows are nice wrote:
It was Mon, 11 Dec 2017 20:34:16 +0000, when Good Guy wrote:
On 11/12/2017 20:00, Peter Köhlmann wrote:
Chris Ahlstrom wrote:
Please take away this crap from Windows 10 as it has nothing to do with Windows 10. Thank you for your cooperation and understanding this
I DO understand this!!!!! The OP, apparent wintard troll "Anonymous Remailer (austria)", posted his crap to:
- alt.privacy.anon-server
- alt.comp.os.windows-10
- comp.os.linux.advocacy
Then *you*, confirmed punk and wintard troll "Good Guy", jumped into the thread, snipped Peter Köhlmann's info...
He tends to crosspost irrelevant posts to a.o.l as he knows that people will be ****ed on him and that what fuels him as he thinks he is running the most used OS on a desktop computer, Minix3 but he falsely thinks it's some crapware from microsoft would be the most common run OS on a desktop computer.
"This kernel vulnerability was fixed in April 2015 And it applies to a freakin' old kernel, 3.10.0. My Debian Sid is at 4.14.0 right now."
That's what trolls do...
#15
Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
It was Tue, 12 Dec 2017 18:10:21 +0100, when J.O. Aho wrote:
On 12/12/17 09:26, Cows are nice wrote:
...
Then *you*, confirmed punk and wintard troll "Good Guy", jumped into
...
He tends to crosspost irrelevant posts to a.o.l as he knows that people will be ****ed on him and that what fuels him as he thinks he is running the most used OS on a desktop computer, Minix3 but he falsely thinks it's some crapware from microsoft would be the most common run OS on a desktop computer.
Oh yeah, Good Guy is running Win10 and, undoubtedly, Minix! *Pwned* !!!