Another long term dangerous flaw?

This should not pose any problem for personal home use. Someone either requires local access to a computer to exploit this, or the computer must run some kind of server that allows remote shell access or file uploads. Or possibly a web server that is not properly secured against sql injection attacks.

Even servers that allow file uploads would still need to execute uploaded files in order for the exploit to be an issue.

So all home users need not worry, and I expect patched kernels are becoming available in most distributions shortly.

What is troubling is that it has existed for so long, which means there are probably several compromised servers in the world. And once a server has been compromised, it can be difficult to confidently secure it again without doing a full reinstall.
 
George why live in such a dangerous world? Gandhi found peace here, Martian found peace here...we can find peace here. Hacking our Linux boxes remains more trouble than it's worth to any one except your wifes boyfriend.":O}.
 
Any local privilege escalation can be turned into a remote one by simply finding a web application that can be compromised, or a SQL injection vulnerability.

And saying that the bug has been unpatched for nine years is misleading. That the bug has EXISTED for nine years is indisputable, but in all that time it's also been UNIDENTIFIED. Now that it has been identified, it's being fixed.
 
You must log in or register to reply here.
Back
Top