[SCADASEC] Major Linux security hole found

ljknews ljknews at mac.com
Tue Feb 12 14:06:45 CST 2008


At 12:58 PM -0600 2/12/08, Clint Bodungen wrote:
> You're right, I glanced at it too quickly and misread it.  It's a memory
> space data pipe/redirection.  Thanks for keeping me in check!  ;)  
> 
> That being said, it's still a local privilege escalation vulnerability and
> my mitigation comments still apply.

As I understand your comments, they are mainly aimed at an
outside attack.  Privilege escalation can also enable an
attack by an insider, which would require additional defense
so long as this vulnerability remains.

I don't know about Linux, but on other operating systems
it would be possible to scan executable images to find any
new ones that are calling the vulnerable system service
(sys_vmsplice in this Linux case).  That would not give
an immediate defense, but might detect an insider who is
building up to an attack (or has broken the rules on
importing unauthorized software and just has not yet
exercised the trojan horse part of it).
-- 
Larry Kilgallen
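The scan described in the message above, applied to Linux ELF images, as an added example that is not part of this thread: it reads an executable's dynamic symbol table and flags any file that imports the `vmsplice` libc wrapper (the user-space entry to sys_vmsplice). The `build_sample_elf` helper is a constructed minimal ELF used only as test input; in practice the bytes would come from files on disk, compared against a baseline of known images.

```python
import struct

SHT_DYNSYM = 11           # section type of the dynamic symbol table
WATCHED = {"vmsplice"}    # libc wrappers for the system service we want to spot


def imported_symbols(data: bytes):
    """Return the undefined (imported) names in a little-endian ELF64 image's .dynsym."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    sections = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    names = []
    for sh in sections:
        sh_type, sh_off, sh_size, sh_link = sh[1], sh[4], sh[5], sh[6]
        if sh_type != SHT_DYNSYM:
            continue
        str_off, str_size = sections[sh_link][4], sections[sh_link][5]   # linked .dynstr
        strtab = data[str_off:str_off + str_size]
        for off in range(sh_off, sh_off + sh_size, 24):     # Elf64_Sym is 24 bytes
            st_name, _info, _other, st_shndx = struct.unpack_from("<IBBH", data, off)
            if st_shndx == 0 and st_name:                    # SHN_UNDEF: resolved elsewhere
                names.append(strtab[st_name:strtab.index(b"\0", st_name)].decode())
    return names


def flagged(data: bytes):
    """Watched symbols this image imports; a non-empty list means the file deserves a look."""
    return sorted(set(imported_symbols(data)) & WATCHED)


def build_sample_elf(imports):
    """Constructed test input: a minimal ELF64 whose .dynsym imports the given names."""
    strtab, offsets = b"\0", []
    for name in imports:
        offsets.append(len(strtab))
        strtab += name.encode() + b"\0"
    dynsym = b"\0" * 24 + b"".join(
        struct.pack("<IBBHQQ", o, 0x12, 0, 0, 0, 0) for o in offsets)   # GLOBAL FUNC, UNDEF
    sym_off, str_off = 64, 64 + len(dynsym)
    sh_off = str_off + len(strtab)
    def shdr(typ, off, size, link):
        return struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 1, 0)
    shdrs = shdr(0, 0, 0, 0) + shdr(SHT_DYNSYM, sym_off, len(dynsym), 2) + shdr(3, str_off, len(strtab), 0)
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8      # ELF64, little-endian, SysV ABI
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, sh_off, 0, 64, 0, 0, 64, 3, 0)
    return ehdr + dynsym + strtab + shdrs
```

A program that issues the raw syscall instead of calling the libc wrapper leaves no import behind, so an absent symbol is weak evidence; this check is a cheap first pass, not a substitute for restricting what may be installed.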
