A serious vulnerability has been found in the Linux kernel.
In all Linux kernels of version 2.6.x, a vulnerability was found that allows a local user to execute their code with root privileges. This problem is caused by the possibility of dereferencing a NULL pointer when performing certain actions with pipes.
As a protection method, you can prohibit page mapping at the zero address by setting the value of the / proc / sys / vm / mmap_min_addr variable to a non-zero value.
Fortunately, the problem is fixed in 2.6.32-rc6, and the owners of Red Hat Enterprise can fix everything through an update. The rest of linuksoidy wait for an update, or a patch for your kernels
List of vulnerable kernels
As a protection method, you can prohibit page mapping at the zero address by setting the value of the / proc / sys / vm / mmap_min_addr variable to a non-zero value.
Fortunately, the problem is fixed in 2.6.32-rc6, and the owners of Red Hat Enterprise can fix everything through an update. The rest of linuksoidy wait for an update, or a patch for your kernels
List of vulnerable kernels
')
Source: https://habr.com/ru/post/74284/
All Articles