
Submission + - "Most serious" Linux privilege-escalation bug ever is under active exploit

operator_error writes: Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

By Dan Goodin — 10/20/2016

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Submission + - Wired says Google's Pixel is the best phone on the market

swillden writes: The reviews on Google's Pixel phones are coming in, and they're overwhelmingly positive. Most call them the best Android phones available, and at least one says they're the best phones available, period.

Wired's reviewer says he used to recommend the iPhone to people, but now he says "You should get a Pixel." The Verge says "these are easily the best Android phones you can buy." The Wall Street Journal calls the Pixel "the Android iPhone you've been waiting for." ComputerWorld says "It's Android at its best."

AndroidPolice is more restrained, calling it "A very good phone by Google." The NY Times broke from the rest, saying "the Pixel is, relatively speaking, mediocre", but I'm a little skeptical of a reviewer who can't figure out how to use a rear-mounted fingerprint scanner without using both hands. It makes me wonder if he's actually held one.

Comment Re:That's what ghosts are for? (Score 1) 113

Memories can be used in the generation of fantasies. These fantasies can be used to move the memory model of a person forward. If the actual person is still alive, there's the possibility of being able to reconcile the fantastic model against the actual person (talk out the fantasy with that person to see if they'd react the way you think they would). If the actual person is not alive...then the model exists solely as a non-reconcilable construct within the mind of the person generating the fantasy.

Comment Re:STOP! THINK! (Score 1) 410

I hypothesize that Whipslash saw a mountain of opportunity to offload a stalling investment into and told his 'editors' to put this baby into a nosedive directly at it. Seriously, I'm at a loss to explain why anyone would allow this shit on the site aside from a deliberate and willful sabotage attempt.

Comment Re:Doctor Doctor Give Me The News (Score 1) 508

Wow...ok. It's called I power off the system when I'm not expecting to use it within the next several hours, and I have the network card disabled when the system is off. Therefore, its connection to the internet only exists when it's powered on, hence its connection is not permanent. I really hope you didn't pull a muscle with that excessively long reach for something to troll on.

Comment Re:Doctor Doctor Give Me The News (Score 3, Interesting) 508

I've got 3 separate servers that all run different OSes. 1 in-house with direct control running Gentoo with OpenRC. Then there's the two VPS's. One is running CentOS 6.7 with Upstart. Then there's the PoS VPS I have free on Microsoft Azure running Ubuntu something-or-other with SystemD. Nothing critical is on this; it just serves as a lab environment and data passthrough. The only time I've ever run SystemD on a system I own with physical access was on my primary desktop...which is never permanently online to begin with.

There have been too many points with a systemd system that I don't trust. Nothing to date with the system has personally affected me to say it's as worthless as I think. I just never trusted it because it just felt too much like a Windows Registry clone in how it worked, which in itself screams that it cannot be trusted. This bug seems to prove my intuition correct.

Submission + - Multiple Linux Distributions Affected by Crippling Bug in systemd

An anonymous reader writes: System administrator Andrew Ayer has discovered a potentially critical bug in systemd which can bring a vulnerable Linux server to its knees with one command. "After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system." According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.

Comment Re: don't get your hope up (Score 1) 261

If what you say is true and tested by you, then the theaters you go to absolutely suck and you should stop giving them money in the first place.

Though rare, there have been a few times that I've received a refund on a movie that was so utterly bad that no one in the chain deserved to get my money. The most recent notable instance was the 2011 remake of "The Thing." Granted since then I've become a hell of a lot more selective in what I'm willing to go to the theater for.

Finally, before someone says "You haven't received a refund after sitting through the entirety of a movie," yes, I have. I have sat through an entire movie, thoroughly hated it, and received a refund afterward without being grilled about it. This situation only ever happened twice, when I was with a group of friends carpooling and there was nothing else within walking distance to occupy my time while I waited for them to finish. I always had my reasoning statement to back up my request, but I've not once had to use it.

Comment Re:Yawho? (Score 4, Informative) 72

We're talking about senators here... you can't spew that much bullshit without having impacted bowels.

Oh, by the way: your attempt at pedantry fails, as a secondary definition for impacted literally means "strongly affected by something." Or, to see for yourself, read #9 on the linked page. Also, by literally I mean that to be without exaggeration or inaccuracies.
