Home > slashdot > Linux Xorg Critical Security Flaw Silently Patched

Linux Xorg Critical Security Flaw Silently Patched

August 18th, 2010 08:32 admin Leave a comment Go to comments

eldavojohn writes “On June 17th, the X.org team was notified by Invisible Things Lab of a critical security flaw (PDF) that affected both x86_32 and x86_64 platforms. The flaw deals with escalated privileges of a user process that has access to the X server. The founder of ITL said of the flaw, ‘The attack allows a (unpriviliged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn’t take advantage of any bug in the X server!). In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system.’ This has apparently been a security flaw since kernel 2.6 was released. From the article, ‘On 13 August, Linus Torvalds committed an initial fix, but several patches were added afterward for various reasons. The problem has been addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel.’”

Source: Linux Xorg Critical Security Flaw Silently Patched

Related Articles:

  1. Root Privileges Through Linux Kernel Bug
  2. Critical Flaw Found In Backtrack Linux
  3. Exploits Emerge For Linux Privilege Escalation Flaw
  4. Patched MS Bluetooth Flaw Exposes Even Disconnected PCs
  5. RDS Protocol Bug Creates a Linux Kernel Hole, Now Fixed
blog comments powered by Disqus
YOYOYOOYOYOYO