New Linux Flaw Enables Null Pointer Exploits

Michael Lauzon mlauzon-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sat Jul 18 15:57:12 UTC 2009


>From the article:

A researcher has published exploit code for a new vulnerability he
discovered in the Linux kernel. The vulnerability is an especially
interesting one in that the researcher who discovered it, Brad
Spengler, has demonstrated that he can use the weakness to defeat many
of the add-on security protections offered by SELinux and AppArmor.

The vulnerability affects both the 2.6.30 and 2.6.30.1 releases of the
Linux kernel, and in a message to the Daily Dave mailing list Spengler
said that he was able to exploit the flaw. He said that he was able to
defeat the protection against exploiting NULL pointer dereferences on
systems running SELinux and those running typical Linux
implementations. SELinux is a set of security enhancements to the
Linux OS developed by the National Security Agency.

Link: http://threatpost.com/blogs/researcher-uses-new-linux-kernel-flaw-bypass-selinux-other-protections

-- 
Sincerely,

Michael Lauzon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list