Author Topic: Linux ROOT Exploit  (Read 817 times)

0 Members and 1 Guest are viewing this topic.

Offline TB-AV

  • Honorable Ex-Mod
  • All Time Legend
  • *****
  • Posts: 15010
  • Good Vibes 329
Gone

Offline Omar

  • Arena Rocker
  • *****
  • Posts: 806
  • Good Vibes 52
  • I'm stubborn...so is my guitar...
Re: Linux ROOT Exploit
« Reply #1 on: October 25, 2016, 10:56:27 am »
Does this affect websites running in Linux servers instead of windows?

Offline TB-AV

  • Honorable Ex-Mod
  • All Time Legend
  • *****
  • Posts: 15010
  • Good Vibes 329
Re: Linux ROOT Exploit
« Reply #2 on: October 25, 2016, 02:02:26 pm »
Quote
This is a rare condition vulnerability which is still present on all systems and servers using a Linux kernel, which are still likely to be prone to malicious attacks. It is advised, yet again, to update your PC as soon as the latest security update is made available to you.
Gone

Offline bjsteeves

  • Bedroom Rocker
  • *
  • Posts: 17
  • Good Vibes 0
Re: Linux ROOT Exploit
« Reply #3 on: October 25, 2016, 04:32:27 pm »
I believe that you are referring to the "copy-on-write (COW)" bug.

This bug is very hard to take advantage of on any system. However, it is much more vulnerable on VM (virtual machines) running on a server. There already is a patch for this bug. I updated my linux system this morning. My opinion is both Linux and Unix are much more secure than Windows (I have certifications in both). But, as long as you keep updating the latest patches, all these systems will be secure enough for any use.

Offline Majik

  • Stadium Superstar
  • ******
  • Posts: 1773
  • Good Vibes 85
Re: Linux ROOT Exploit
« Reply #4 on: October 25, 2016, 06:37:03 pm »
It needs local user access. However, bear in mind that a web server will be running as a local user. If you can inject executable code through the webserver somehow (either via a vulnerability in the webserver application itself, or in the app it's running) then it could be possible to exploit this without having a user account on the system.

As bjsteeves says, keep your systems patched, regardless of OS.

It does emphasise an issue I've highlighted in another thread: "IoT" systems and similar. There's millions of devices out there on the Internet running all sorts of stuff, a lot of it Linux. Regardless of OS, this equipment is as vulnerable to attack as an Internet connected PC or server. If it's not patched, it becomes at risk, in the same way as any desktop PC, laptop, or server does if that hasn't been patched.

The trouble is most of the vendors of these devices do not keep them up to date with security fixes. This means they are at risk of being compromised.

And, they are being compromised: very recently a widespread "cyber terrorism" attack has been taking place which has impacted services across the Internet. It was orchestrated by taking advantage of vulnerabilities in unpatched and poorly secured IP CCTV cameras.

If you have a router, it will be running an OS. If that router hasn't had a security update recently, then the chances are it's vulnerable to hacking.

Personally, I wouldn't touch a mainstream vendor's router with a bargepole these days (or, at least I would put DD-WRT or similar on it, and keep it up to date with security patches). It's like giving hackers a computer on your network they can use to steal your information and to conduct cyber-attacks from.

Cheers,

Keith
Guitars: PRS Singlecut S2, Fender Tele Lite Ash, G&L Legacy Tribute, Freshman Apollo 2 OCBX
Amps: Bugera G5 Head, Boss Katana 100
All sorts of other stuff.

Offline bjsteeves

  • Bedroom Rocker
  • *
  • Posts: 17
  • Good Vibes 0
Re: Linux ROOT Exploit
« Reply #5 on: October 26, 2016, 04:04:22 pm »
Majik...So true.  As for IoT (Internet of Things) devices, I won't put them on my network. As you stated, they will not get proper updates and already are insecure, so they won't ever be on any network of mine.

Home routers are an item that almost never gets updated. Mine is not very old and there are no updates yet for it, but I also run a firewall on my desktop so I don't expect any issues.

 

Get The Forum As A Mobile App