Linux kernel flaw allowing hack attacks found

Users of computers running the Linux operating system were warned over the weekend against a new vulnerability that can potentially allow hackers to attack their machines.

Debian.org said the vulnerability, found by researcher "Pinkie Pie," can render a machine vulnerable to privilege escalation and denial-of-service attacks.

"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation," it said.

Debian is a version of Linux that is the basis for the relatively popular Ubuntu flavor of Linux.

It said it has fixed the problem in version 3.2.57-3+deb7u2 and encouraged users to upgrade soonest.

The Hacker News said this was the most critical of the flaws found by "Pinkie Pie," who it described as an anonymous teenage ethical and skilled hacker.

It said "Pinkie Pie" earned some $100,000 for bypassing the security features of Google's Chrome at Pwnium and Pwn2Own competitions since 2012.


The Hacker News also said another serious flaw reported by Thomas Stangner involved the chkrootkit (Check Rootkit) rootkit detector system.

It said this "allows a local attacker to gain root access to gain root control by executing malicious code inside the /tmp directory." — Joel Locsin /LBG, GMA News