A hole has been found in Linux kernel versions stretching back eight years that is "as trivial as it can get to exploit", according to the Google employees who discovered it.
Julien Tinnes and Tavis Ormandy, the security researchers who discovered the vulnerability, have already issued a patch for the flaw. According to a blog post written by Tinnes last week, the hole "affects all 2.4 and 2.6 kernels since 2001 on all architectures", and is "the public vulnerability affecting the greatest number of kernel versions". "The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don't check for Null pointers before dereferencing operations in the ops structure," Tinnes wrote. "Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of Null pointers." Tinnes said that, as the vulnerability leads to the kernel executing code at Null, it is "as trivial as it can get to exploit".
Full Story: Highly exploitable Linux kernel bug found, patched - ZDNet Asia
Julien Tinnes and Tavis Ormandy, the security researchers who discovered the vulnerability, have already issued a patch for the flaw. According to a blog post written by Tinnes last week, the hole "affects all 2.4 and 2.6 kernels since 2001 on all architectures", and is "the public vulnerability affecting the greatest number of kernel versions". "The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don't check for Null pointers before dereferencing operations in the ops structure," Tinnes wrote. "Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of Null pointers." Tinnes said that, as the vulnerability leads to the kernel executing code at Null, it is "as trivial as it can get to exploit".
Full Story: Highly exploitable Linux kernel bug found, patched - ZDNet Asia
