There’s a lot of discussion today about a 0day local Linux root exploit (http://isc.sans.org/diary.html?storyid=6820). For readers who aren’t security-savvy, that means that a user logged into a Linux system with shell access can bypass system security mechanisms and elevate his access to be equivalent to that of the system administrator (or ‘root’ user).
It’s called a 0day because the exploit was released with no advance warning that people should patch their systems. Even though the code change to close the hole was committed twelve days ago, on July 5th, lots of people still have systems running vulnerable versions of the code.