Linux kernel vulnerability applies to OpenSUSE and Ubuntu2014-03-21 | Comebuy News
The Linux distributions, OpenSUSE and Ubuntu probably have a weakness in a low-level interface for 32-bit applications. Both had recently support for the Linux x 32 introduced application binary interface, for now, a leak is reported.
The vulnerability allows users, such as malware, to increase their rights because it allows changes to the kernel. Discovers she has the chrome OS developer Kees Cook, which according to all Linux kernels from 3.4 are affected, providing 32-bit support as an option. He presented also a sample code which exploited the vulnerability.
The interface x 32 ABI is conceptually similar to an application programming interface (API), is not running but like this on the software level, but at the machine language level. Its purpose is to enable 32-bit applications from 64-bit-to help capitalize on x 86 architectures. To do this, but when compiling the Linux kernel option must be enabled. OpenSUSE and Ubuntu by default bring it.
Error correction is that Ubuntu has already made an update. Linux users can even check if your system is affected by her look in the kernel settings, if the flag CONFIG_X86_X32 is set.
Is not affected, for example, red has: Although users who argued for x 32 support for Fedora 18 had red she's up to outside, where it argued with security concerns. "That would concern anyone, because it would expose him to potential security risks in the form of still not found security vulnerabilities", wrote red has kernel developers Dave Jones in September 2012. "in addition it increases the attack surface for all users, although 99.9 percent will never use this function."
[with material by Michael Lee, ZDNet.com]
Tip: How well you are familiar with open source? Check your knowledge - with 15 questions on silicon.de