Massive Linux vulnerability discovered

Massive Linux vulnerability discovered

A zero-day vulnerability allowing Android or Linux applications to escalate privileges and gain root access has been discovered, raising concerns for a vast array of servers and mobile devices.

Any machine with Linux Kernel 3.8 or higher is vulnerable, according to the report by security vendor Perception Point, which discovered the problem. In addition to Linux, the vulnerability also affects 66 percent of all Android devices.

Using the vulnerability -- which has existed since 2012 -- an attacker can delete files, install programs and view private information. The Perception Point researchers said the Red Hat security team has been notified of the vulnerability and advised administrators to patch it as soon as possible. Red Hat said it will release documentation on a fix when it becomes available.

Linux PCs aren’t terribly common in the public sector, but the operating system powers the vast majority of today's web servers. And as  CSO Online noted, Linux also is used in a wide range of embedded systems and Internet of Things devices.

The bug comes just after a batch of Android vulnerabilities were recently discovered and fixed by Google, including several kernel privilege escalation vulnerabilities. Five of the critical vulnerabilities patched were related to bugs in the kernel drivers or the kernel itself, CSO Online reported.

About the Author

Derek Major is a former reporter for GCN.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group