The High-Profile X.Org / Linux Kernel Security Bug

  • The High-Profile X.Org / Linux Kernel Security Bug

    Phoronix: The High-Profile X.Org / Linux Kernel Security Bug

    As many learned today, there's been a rather critical bug living within the Linux kernel for several years (as possibly far back as the original Linux 2.6 kernel release) that was finally fixed and this "high priority" bug is now publicly detailed. This issue (CVE-2010-2240), which allows arbitrary code to be executed as root, is easily exploitable by most current Linux desktops via simply running any compromised GUI application that has access to the running X.Org Server...

  • #2
    I'm speechless... All the time we joke about Windows security...

    Question: Will I get a backported 2.6.34/2.6.35 kernel for Lucid? Don't want to reinstall OS in a year.


    • #3
      Yeah, well. As someone who uses Windows (7 and previously XP), Linux still seems a hell of a lot better. Every month when doing a Windows Update, there's a whole bunch of security fixes that read "this patch prevents others from taking total control over your computer", at which point I always have to grin. And since MS cannot touch the Windows kernel (it would break a hell of a lot of rootki..., er, security software), they plug every hole with kludges in userspace.

      So we can still joke about Windows security as much as we want, no questions asked.


      • #4
        This requires a running X server, so servers which don't run X (no server should run X) won't be attackable by this.


        • #5
          The bug isn't limited to X, it isn't even related to X. It's a kernel bug.

          It's unwise to assume that a computer is safe just because it doesn't use X.

          The example-exploit just uses X for two reasons:
          a) X listens to clients, it can be made to allocate memory and it can be made to give you access to shared memory. These are requirements to hit the bug.
          b) it runs as root, allowing the whole "gain root" part.

          You may find other applications that listen to clients and use shared memory, thus possibly hitting the bug. You may gain access to a different user (even if it isn't root), or you may simply crash an important task for fun.
          It's a good thing that most server programs enforce reasonable memory limits against DDoS attacks, thus protecting against this bug.
          Another limitation is the shared memory part: you have to execute code on the machine to exploit it.

          I'd still consider my server safe, but that's mostly because nobody but me may log in. If others had ssh access, I'd now be running around panicking, even though there's no X installed.


          • #6
            Originally posted by FunkyRider
            I'm speechless... All the time we joke about Windows security...
            Huh? Every OS has bugs and vulnerabilities. The matter is how fast they are fixed after their discovery...


            • #7
              and again...


              • #8
                The security patch mentioned is broke in the,, kernels. Please refer to kernel bug So you risk a computer that won't boot if you do install. The next stable cycle will have the fix.


                • #9
                  In case of a local attacker that can use MIT-SHM extension (which is the most likely scenario)
                  Oh no, not a local exploit. I'm quaking in my boots.
                  I sure hope my neighbor doesn't crack my wifi and exploit my Linux machines with local vulnerabilities.


                  • #10
                    Originally posted by .CME.
                    Uhm, Michael explicitly mentions that it's possible to run X as non-root with the proprietary nvidia-driver.