More information: http://www.h-online.com/open/news/item/Exploit-for-local-Linux-kernel-bug-in...
On Sat, May 18, 2013 at 3:18 PM, Petr Bena benapetr@gmail.com wrote:
so far I found the problem with perf_events where exploit-containing binary can elevate permissions of regular user to root. This is indeed a big issue, but it seems to affect only systems with kernel newer than 2.6.36 and only these where this feature is enabled. Also it seems to me that only systems where untrusted users have shell access are affected by this since it require local execution of exploit.
But thanks for information, despite it doesn't seem to require urgent patch on systems with older kernel or any system where untrusted users have no shell access (such as webservers) I will consider updating my servers as well asap
On Sat, May 18, 2013 at 11:47 AM, Happy Melon happy.melon.wiki@gmail.com wrote:
On 17 May 2013 23:26, Petr Bena benapetr@gmail.com wrote:
hey, could you point me to that security patch? I am curious as I am myself running bunch of linux boxes
+1 _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l