New Linux bug gives root on all major distros, exploit released

gregmcc

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
29,427
Reaction score
10,492
Location
Somewhere in the world
www.bleepingcomputer.com

New Linux bug gives root on all major distros, exploit released

A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.
www.bleepingcomputer.com www.bleepingcomputer.com

A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.

Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.

The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.

Kellerman discovered the bug after tracking down a bug that was corrupting web server access logs for one of his customers.
Click to expand...
 
Windows FTW !!!!

but amongst the "hardcore" IT guys Linux is always better ;)
 
eg2505 said:
I thought Linux was bulletproof and stable
how do things like thing exist for so long?
Click to expand...
I'd just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.
 
konfab said:
I'd just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.
Click to expand...
Yeah no Stallman wouldn't even use most of the distro's out there. Not to mention the distro's without GNU.
 
but my question still stands, how can a major bug exist in Linux/GNU or in a major Fork of a distro this long?
I mean the code was combed through multiple times, and something this major existed for so long,
 
eg2505 said:
but my question still stands, how can a major bug exist in Linux/GNU or in a major Fork of a distro this long?
I mean the code was combed through multiple times, and something this major existed for so long,
Click to expand...
If you want security and stability, you'll be on an LTS release with an older tried and trusted kernel and thus wouldn't be affected. People write the code and can make mistakes.
 
eg2505 said:
but my question still stands, how can a major bug exist in Linux/GNU or in a major Fork of a distro this long?
I mean the code was combed through multiple times, and something this major existed for so long,
Click to expand...
It's a new bug in later kernel release paths. 3.10 kernel is not affected (which is why rhel7 is safe)
 
so to summarize , your system is only as secure as its weakest link , which is generally your end users.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X