

Kernel vulnerability - CVE-2010-2240




Posted by OLM | DavidG, 09-01-2010, 08:49 AM
A vulnerability in the 2.6.x Linux kernel was recently reported (CVE-2010-2240), which could allow hackers to gain root access on a Linux server. The hacker would need to first gain local unprivileged shell access on the server, but on many web hosting servers this is not hard due to vulnerabilities in hosted PHP applications or weak user passwords.

Updates were recently released for CentOS and RHEL, and more information about those updates can be found at the following URL:
http://lists.centos.org/pipermail/ce...st/016960.html

Updates were also released for the Debian and Ubuntu distributions within the past month, and more information about those updates can be found at the following URLs:
http://www.debian.org/security/2010/dsa-2094
http://www.ubuntu.com/usn/usn-974-1

Posted by FastServ, 09-01-2010, 01:14 PM
One word: Ksplice

Posted by Techbrace, 09-01-2010, 03:42 PM
CVE-2010-2240 affects systems only with Xorg.

Posted by MikeTrike, 09-01-2010, 03:44 PM
Ksplice FTW!

Posted by OLM | DavidG, 09-01-2010, 04:08 PM
Hi TechBrein, Xorg is confirmed to be one avenue of attack for this vulnerability. However, it is not the only potential avenue of attack, and therefore it would be wise for users to upgrade their kernels as soon as possible.

Posted by Techbrace, 09-01-2010, 04:20 PM
Yeah, I should have mentioned it as *currently affects*. Just wanted to clarify so that users don't go berserk after reading your post. Anyway, I must applaud you for notifying the members about this vulnerability.


