I don't want to spoil the fun here, but the same man discovered this one:
NEOHAPSIS - Peace of Mind Through Integrity and Insight
All Linux 2.4/2.6 versions since May 2001 are believed to be affected:
- Linux 2.4, from 2.4.4 up to and including 188.8.131.52
- Linux 2.6, from 2.6.0 up to and including 184.108.40.206
This one isn't such a dramatic safety breach though.
The CPU has several states it can be in. The system starts in 16-bit real mode, and can switch to 32-bit mode quite easily. It can also implement memory protection when in 32-bit mode, and that's when we say the system is in 32-bit Protected mode. However, there are applications that rely on the real mode configuration, and to be able to continue to use those, the engineers at Intel came up with the Virtual 8086 mode, which allows a single process to be in real mode, while not disturbing the whole system. The catch here is that real mode lacks the protection from PM, which enables system security.
Needless to say then, this mode must be handled with very high caution, as it is quite easy to implement malware in this mode.
A significant aspect of the flaw seems to be the following:
"To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said in an e-mail.
That seems to make the risk very, very remote, would you agree? It's not clear to me if a hacker could obtain said credentials if they weren't explicitly given?