Really?
I see there's that magic word 'local'.
I shall proceed to not panic.
An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it …
Word on the street is that if a random person can get code to run on your machine, the game's already over. But this would be that other game: trying to clamp down the certainty around the people you hope you can trust that much, like if they work for you[r boss] and log in on your network.
P.S. I really believe that's a straw man
I realise this is all pre-publication, so the lack of detail isn't surprising, but I'm struggling to understand how this works. If the attacking thread is in the same process as the victim, how can it be a privilege elevation and why wouldn't it just create its own port and then attack that? If, on the other hand, it is in a different process, then presumably ALSA has placed some kind of security mechanism around its ports. (If it hasn't, that's a hideous design error, but presumably it would have been spotted yonks ago.)
It didn't take you Microsofties long to start posting the same old tired PR/FUD. Haven't you got any new material? At least then we wouldn't have to repeatedly read the same tired fanboi drivel.
Besides, people in glass houses and all that: there were 60+ fixes for nasty Windows/MS software vulnerabilities in the last round of patching that leaky cheese that Microsoft call finished software products.
https://www.theregister.co.uk/2017/10/10/october_2017_microsoft_windows_patch_tuesday/
With software as insecure as Microsoft sell, I'd be more careful mentioning security if I were you, just in case it drew attention to the fact Linux, while not perfect, is still far more secure than anything Microsoft has ever made.
I was thinking the same thing..
Just another 'pud' to reinforce the concept, "half the people you come across are below average intelligence".
If you want to be closed minded enough to think one OS is superior to another, fine. Just don't try to throw your crap here. Most of us are professional enough to become proficient on more than one OS; as opposed to sticking to one, and attempting to belittle the rest.
Aodhhan: "If you want to be closed minded enough to think one OS is superior to another, fine. Just don't try to throw your crap here. Most of us are professional enough to become proficient on more than one OS; as opposed to sticking to one, and attempting to belittle the rest."
Straw man and you know it.
Once you move beyond insults and assumptions, I agree with the rest of your post RE closed minds.
Funnily enough, I was just making that exact point to JJ Carter. I was merely pointing out how tedious it is to always have comments like JJ's closed-minded and unnecessary digs at OSS spoiling the discussions. Why was there any need to bring open/closed source into it? This was a simple programming error and could have been on any system, even JJ's OS of choice (another point I made with my link).
Pre-emptive? Oh come on, it is only ever a matter of time until JJ brings the subject around to MS superiority and/or their rivals' inferiority in some way, e.g. the "many eyes" comment. Check the post history, JJ has probably posted that exact comment more times than I have ever posted here.
"Check the post history, JJ has probably posted that exact comment more times than I have ever posted here."
Let's see... Your posts: 57 (at time of my posting).
JJ's "many eyes" comments... : [oblig xkcd]
"there were 60+ fixes for nasty Windows/MS software vulnerabilities in the last round of patching "
That's across ALL Microsoft products. Google beat that with Android alone.... Which of course is OSS / Linux based. Linux is no better than Windows in that regard. If not as a typical distribution much worse.
Most of the rack-mount servers I have encountered lack onboard sound, and so none of the ALSA modules get loaded. Contrariwise, most of the machines I have encountered which have some form of sound card tend to be on the inside of a LAN, without SSH forwarded through the router.
Either I'm somewhere really atypical, or this might not be as serious as some are making out.
Elevation of privilege bugs are exactly those that don't require root to become root. And lateral movement means you jump from system to system - exploiting each system's vulnerabilities, to thoroughly p0wn a network. Do you really believe only front-end servers are p0wned? And that intruders are interested only in front-end ones for spam botnets and DDoS? And are not interested in going deep into a network? They usually expect the most valuable data aren't on front-end systems. And getting into a sysadmin machine while he or she listens to some pirated music helps a lot to gain more privileges....
Without standing on top of a very tall mountain shouting admire my ignorance, but don't Cisco make network gear? More specifically why would their products' embedded OS have ALSA installed?
More to the point: https://www.cvedetails.com/vulnerability-list/vendor_id-26/Microsoft.html (50+ for September alone, some quite good ones too: red)
Of course CVEs don't mean much on their own.
And here was I thinking that maybe for once, we'd have a month go by without a Linux vulnerability.
Silly me.
It's sad seeing the muppets here jumping through hoops to defend something using arguments that they would laugh at if an MS user used with the same justification.
Loads of criticisms of Flash on Windows, but "Linux servers don't use sound".
Seeing as ALSA is built into the default kernel, you are more likely to find ALSA in Linux servers than Flash in Windows servers.
I'm still waiting for the sanctimonious "well, my distribution has already released a fix, and I've patched my machine" from people who laugh at published Windows exploits that are also published when a fix is available.
How about the tired old line "if the OS was properly written with the proper security separations, this sort of severe bug wouldn't be possible?" - It seems to be strangely absent here.
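Added example, not part of any comment above: two claims in the thread ("none of the ALSA modules get loaded" on servers, and ALSA being "built into the default kernel") can be checked per host. CVE-2017-15265 lives in the ALSA sequencer code (module `snd_seq`, device node `/dev/snd/seq`), a detail not stated on this page; the function names and status labels below are this example's own.

```shell
#!/bin/sh
# Added example: is the ALSA sequencer reachable on this host?
# /proc/modules lines look like: "name size refcount deps state address".

# Names of loaded ALSA modules (soundcore, snd, snd_*), one per line.
alsa_modules() {
    modules_file="${1:-/proc/modules}"
    [ -r "$modules_file" ] || return 0
    awk '$1 == "soundcore" || $1 == "snd" || $1 ~ /^snd_/ { print $1 }' \
        "$modules_file" | sort
}

# Classify the host:
#   module-loaded  snd_seq is listed in the module table
#   node-only      no snd_seq module listed, but <dev_dir>/seq exists:
#                  the code may be built into the kernel, or the module
#                  may be loaded on first open of the node
#   absent         neither a module nor a device node
alsa_seq_status() {
    modules_file="${1:-/proc/modules}"
    dev_dir="${2:-/dev/snd}"
    if alsa_modules "$modules_file" | grep -qx 'snd_seq'; then
        echo module-loaded
    elif [ -e "$dev_dir/seq" ]; then
        echo node-only
    else
        echo absent
    fi
}

# Report for the local host.
echo "ALSA modules loaded: $(alsa_modules | tr '\n' ' ')"
echo "Sequencer status:    $(alsa_seq_status)"
```

A `node-only` result is the case the "no sound card" argument misses: an empty module list does not by itself show the sequencer code is unreachable.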