Reply to post: Re: Security??? @AC re Linux OS compromises

Why Windows 10 on Raspberry Pi 2? Upton: 'I drank the Kool-Aid'

Peter Gathercole Silver badge

Re: Security??? @AC re Linux OS compromises

The cited defect in the Linux kernel is actually a privilege escalation issue.

Now I know that I don't know the full details of the way that this was used, but I would suspect that it is not a remote vulnerability. Looking at it, it appears that in order to exploit it, you need to be able to have a local user session on the system, which implies that the first point of security has already been breached. Looking at the stats, this is probably because of lax user or password administration or issues with input validation of data in web pages.

Indeed, the quoted stats. appear to show that the highest vector for attack is a file inclusion, with the second highest being an attack against the administrator like password stealing or sniffing.

So if web site owners tightened up their code ad administration practices, even if the bug still existed, it would not be nearly as important.

Anyway, the public aspects of the Zone-H web site appear to show that it is not frequently maintained (only two news items in 2014), although there may be more information to logged in users, so it's probably not that creditable source of information.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019