New Linux Kernel Flaw Allows Null Pointer Exploits

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"

Fast! leave the sinking Ship!

[Anonymous Coward]

Fast! leave the sinking Ship before its too late!

Re:Double standards

[infolation]

This language is called Pedantry. A pedant pedantically peddles english into pedanticism.

Re:I always disable those

[140Mandak262Jamuna]

They create vulnerabilities by allowing remote code to overload error handlers and thus pwn your system?

Re:Just don't use that version

[INT_QRK]

don't know why but "uname -a" was replaced by ">" in my above post...something I did

Re:Double standards

[ivucica]

gcc -pedantic $@

Re:Double standards

[alnjmshntr]

Right... Because Microsoft are really losing sleep over the negative comments posted on slashdot, so they have assembled a crack team of slashdotters to game the moderation system in their favour.

You have to be kidding me.

Re:Just like Linux

[Anonymous Coward]

I'm using NoScript and Adblock Plus so I'm not worried.

Interesting

[improfane]

Guys, I'm trying to decide what to post:

[ ] Downplay how serious flaw is
[ ] Compare to Window's track record
[x] Make a meta-reference to Slashdot psychology
[ ] Post work-around that doesn't fix problem
[ ] Say that flaw is a feature
[ ] bash Windows
  [ ] Claim that not all Windows software is bad
[ ] Claim that the more popular gets, Linux will be targeted more
[ ] Pretend I understand the problem ...or we could RFA

Re:Double standards

[jelle]

but, erm...

You're right...

I should have had that coffee first...

Re:Serious bug in gcc?

[RightSaidFred99]

Because... so many people know the C language? And you clearly don't?

Re:Double standards

[kdemetter]

i compiled my kernel using that flag , and now it boots Windows instead.

Re:Double standards

[Tenebrousedge]

In contrast programmers for Windows write perfect code every time. They've heard of the concept of 'debugging' but don't see a real need for it. This, and the unwavering efforts of Mr. Ballmer, have had great success in preserving the legacy handed down from Bill Gates: a bug-free OS. Viruses and exploits affect only lesser systems, those unfortunate enough to run some variant of unix.

Sometimes, when I contemplate the beauty of the Windows source code, my speech centers shut down. I think that if I were ever to meet a Windows dev, blargle blerk grop lorem ipsum bleeble warble whelk!

'Tis truly a paradise we live in.