Jump to content

Linux Server Exploit


klikster

Recommended Posts

"Critical Linux vulnerability imperils users, even after “silent” fix A month after critical bug was quietly fixed, "root" vulnerability persists.

For more than two years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine." Source

Link to comment
Share on other sites

Belongs in the Linux thread, innit?

Nah -- belongs in the bin for sensationalism - written by a hack with little or no knowledge of the realities and persuaded his buddies to write comments to support him.

Note amongst the comments on the referenced page...

http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/

..... You're sensationalizing your argument. Yes, cyber security is important, but Linux is still one of the most secure systems around. There are flaws, much like anything man-made, but certainly less frequent than other systems (aside from FOSS BSD derivatives). You're lying to yourself if you think Windows/OSX don't have gaping security flaws. Plus, data encryption is still a thing.

That being said, you honestly think Linux devs are actively trying to cover up this stuff? The code is freely available. Anyone can see it. Anyone can get on a mailing list and see the code for newly patched vulnerabilities. If you weren't too busy pointing fingers and blaming people, and knew anything about analyzing code, you could have spotted this flaw and patched it two years ago. There are 10 million lines of code in the Linux kernel. Join the community and help out!
By the way - the referenced link to the bug is a dead domain, and the url looks remarkably like the sor of thing that disguises a windows virus. Windows users beware clicking randon links of this nature - read the url before you click wink.png
All in all -- someone blowing smoke smile.png
Edited by jpinx
Link to comment
Share on other sites

^^ It's not my argument and I'm not sensationalizing anything, just referencing the article. Did you fail to see the quotes? If you looked at the article on ArsTechnica you should have noticed that I quoted it verbatim.

Please pull you head out of your nether regions and direct your bluster to the author of the article.

Link to comment
Share on other sites

^^ It's not my argument and I'm not sensationalizing anything, just referencing the article. Did you fail to see the quotes? If you looked at the article on ArsTechnica you should have noticed that I quoted it verbatim.

Please pull you head out of your nether regions and direct your bluster to the author of the article.

No need to be rude :) I was only quoting the article you referenced, not accusing you of anything other than getting your facts wrong. This "hole" was addressed and fixed months ago in debian. I can't speak for other distros but I can agree with the sentiment that the dev's are not forthcoming, but the fixes for all known problems are in the security upgrades. Dev's don't advertise holes - they fix them :)

Link to comment
Share on other sites

" .. not accusing you of anything other than getting your facts wrong."

Which of MY facts are wrong?

The fact that you quoted a very misleading and inaccurate article. :)

Don't believe everything you read online. ;)

Link to comment
Share on other sites

" .. not accusing you of anything other than getting your facts wrong."

Which of MY facts are wrong?

The fact that you quoted a very misleading and inaccurate article. smile.png

Don't believe everything you read online. wink.png

I quoted an article, complete with source, that may or may not be misleading. That is a fact. So therefore "my facts" cannot have been wrong.

You seem to be much better at trolling than logic.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...