Ubuntu is the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel that could have left the door open for hackers to find their way into users' machines. In an email sent overnight on Monday, the Linux vendor warned users to update all machines running recent versions of Ubuntu, ranging from 6.06, which was released back in mid-2006, to version 8.04, which came out earlier this year. The problem also applied to other versions of Ubuntu such as Kubuntu, Edubuntu and Xubuntu."It was discovered that there were multiple NULL-pointed function de-references in the Linux kernel terminal handling code," wrote Ubuntu administrators in the email. "A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service."
View: The full story @ ZDNet UK
From a Coverity press release in 2006:
Edit:
Hmm? Guess not.
"A number of other Linux vendors including Novell have recently released similar patches to address the problems."
Would the hardware and OS will even allow a program to write at memory address zero?
TTY Null Pointer
Mount Point Namespace
OSS Sound Not Checking Device in Range
File Creations in Deleted Directories
I don't know if any of those help you determine the method required to exploit.
Other than hoping to generate some sort of firestorm of pagehits from flaming, wouldn't it be a bit more responsible to suggest that *all* linux users check their systems and updates to see if they are at risk?
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.