Linux loyalists firmly believe that it is one of the most secure systems around. However, the scarcity of security advisories for the OS has recently drawn intense criticism in security circles.
Some critics believe the developers of the Linux kernel hide critical vulnerabilities that can endanger the security of organizations running Linux in highly sensitive environments.
Kernel Vulnerability in Linux
Recently, a kernel vulnerability was discovered by fuzzing Linux kernels 2.6.37 through 3.8.9. The vulnerability requires the kernel to be compiled with PERF_EVENTS, which unfortunately is the case for quite a few Linux distributions. CentOS even back-ported the vulnerable code into its 2.6.32 kernel.
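A defender's first question is which hosts fall inside that window. The following is an added example (not from the original article or any vendor tool) that parses a `uname -r` string, checks a kernel config text for `CONFIG_PERF_EVENTS=y`, and applies the article's version range plus the CentOS 2.6.32 caveat; the sample release strings and config lines are constructed, and on a real host they would come from `platform.release()` and `/boot/config-$(uname -r)`.

```python
import re

# Version range stated in the article: 2.6.37 through 3.8.9 inclusive.
AFFECTED_MIN = (2, 6, 37)
AFFECTED_MAX = (3, 8, 9)
# The article notes CentOS carried the vulnerable code in its 2.6.32 kernel,
# so a plain upstream range check would miss those hosts.
BACKPORTED = {"centos": (2, 6, 32)}


def parse_kernel_version(release):
    """Turn a 'uname -r' string such as '3.8.9-200.fc18.x86_64' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release string: %r" % release)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def perf_events_enabled(config_text):
    """True if a kernel .config (e.g. /boot/config-$(uname -r)) sets CONFIG_PERF_EVENTS=y."""
    return re.search(r"^CONFIG_PERF_EVENTS=y\s*$", config_text, re.MULTILINE) is not None


def assess(release, config_text, distro=None):
    """Return 'affected', 'likely-affected' or 'not-affected' for one host."""
    version = parse_kernel_version(release)
    if not perf_events_enabled(config_text):
        return "not-affected"        # the bug needs PERF_EVENTS compiled in
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if distro and BACKPORTED.get(distro.lower()) == version:
        return "likely-affected"     # vendor kernel outside the upstream range
    return "not-affected"


if __name__ == "__main__":
    # Constructed sample inputs standing in for `uname -r` and /boot/config-*.
    config = "CONFIG_PERF_EVENTS=y\n# CONFIG_DEBUG_INFO is not set\n"
    for release, distro in [("3.8.9-200.fc18.x86_64", None),
                            ("3.9.0-1-amd64", None),
                            ("2.6.32-358.el6.x86_64", "CentOS")]:
        print(release, "->", assess(release, config, distro))
```

The version check is only a triage aid; vendor kernels carry their own patch state, so confirm against the distribution's advisory before marking a host clean.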
The issue came to light after attack code exploiting the vulnerability became publicly available. The script could be used by any attacker to gain control of servers operated by many shared Web hosting providers, where hundreds of users may hold unprivileged accounts on the same machine.
The Linux kernel versions affected by this vulnerability range from 2.6.37 to 3.8.9. Attackers who have gained limited access to a Linux machine, for example through a desktop browser or a Web application, could easily use the bug to escalate their privileges to root.
Complete information is available on the National Vulnerability Database page.
Via ISC Diary.