{BBI}Nexus{BBI} Posted July 18, 2009 Report Share Posted July 18, 2009 A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews... Read more at The Register. Any security experts here who can put this into some understandable plain speaking context? Quote Link to comment Share on other sites More sharing options...
tux99 Posted July 18, 2009 Report Share Posted July 18, 2009 (edited) The exploit works only when a security extension knows as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed. I always knew Pulseaudio is evil, I'm quite surprised though, that it can trigger a kernel vulnerability as it's running in userland AFAIK. Edit: apparently it's related to some SUID binaries (of pulseaudio I imagine). Edited July 18, 2009 by tux99 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.