klikster Posted July 20, 2013

"Critical Linux vulnerability imperils users, even after “silent” fix

A month after critical bug was quietly fixed, "root" vulnerability persists.

For more than two years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine."

Source

Chicog Posted July 20, 2013

Belongs in the Linux thread, innit?

klikster Posted July 20, 2013

^ It's about Linux web servers as well, not just Linux OS. I'll let the mods figure out where is best.

Chicog Posted July 20, 2013

That makes perfect sense...

muratremix Posted July 21, 2013

Any idea how to apply patch on CentOS 5/6?

jpinx Posted July 21, 2013

> Belongs in the Linux thread, innit?

Nah -- belongs in the bin for sensationalism - written by a hack with little or no knowledge of the realities and persuaded his buddies to write comments to support him.

Note amongst the comments on the referenced page... http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/ .....

> You're sensationalizing your argument. Yes, cyber security is important, but Linux is still one of the most secure systems around. There are flaws, much like anything man-made, but certainly less frequent than other systems (aside from FOSS BSD derivatives). You're lying to yourself if you think Windows/OSX don't have gaping security flaws. Plus, data encryption is still a thing. That being said, you honestly think Linux devs are actively trying to cover up this stuff? The code is freely available. Anyone can see it. Anyone can get on a mailing list and see the code for newly patched vulnerabilities. If you weren't too busy pointing fingers and blaming people, and knew anything about analyzing code, you could have spotted this flaw and patched it two years ago. There are 10 million lines of code in the Linux kernel. Join the community and help out!

By the way - the referenced link to the bug is a dead domain, and the url looks remarkably like the sort of thing that disguises a Windows virus. Windows users beware clicking random links of this nature - read the url before you click.

All in all -- someone blowing smoke.

Edited July 21, 2013 by jpinx

klikster Posted July 21, 2013

^^ It's not my argument and I'm not sensationalizing anything, just referencing the article. Did you fail to see the quotes? If you looked at the article on ArsTechnica you should have noticed that I quoted it verbatim. Please pull your head out of your nether regions and direct your bluster to the author of the article.

jpinx Posted July 21, 2013

> ^^ It's not my argument and I'm not sensationalizing anything, just referencing the article. Did you fail to see the quotes? If you looked at the article on ArsTechnica you should have noticed that I quoted it verbatim. Please pull your head out of your nether regions and direct your bluster to the author of the article.

No need to be rude. I was only quoting the article you referenced, not accusing you of anything other than getting your facts wrong. This "hole" was addressed and fixed months ago in Debian. I can't speak for other distros but I can agree with the sentiment that the devs are not forthcoming, but the fixes for all known problems are in the security upgrades. Devs don't advertise holes - they fix them.

jpinx Posted July 21, 2013

duplicate post removed

Edited July 21, 2013 by jpinx

klikster Posted July 21, 2013

" .. not accusing you of anything other than getting your facts wrong."

Which of MY facts are wrong?

frankold Posted July 21, 2013

> Any idea how to apply patch on CentOS 5/6?

Yum update ;-)

jpinx Posted July 22, 2013

> " .. not accusing you of anything other than getting your facts wrong."
> Which of MY facts are wrong?

The fact that you quoted a very misleading and inaccurate article. Don't believe everything you read online.

klikster Posted July 22, 2013

> > " .. not accusing you of anything other than getting your facts wrong."
> > Which of MY facts are wrong?
>
> The fact that you quoted a very misleading and inaccurate article. Don't believe everything you read online.

I quoted an article, complete with source, that may or may not be misleading. That is a fact. So therefore "my facts" cannot have been wrong. You seem to be much better at trolling than logic.

Phil Conners Posted July 22, 2013

> Belongs in the Linux thread, innit?

Certainly does. Moved.