65% of Web Servers vulernable, as well as ALL android users

[rockking1379]

so this vulnerability was discovered by the same folks who found vulnerabilities in JournalID earlier this year. this has a very wide impact on linux as it effects everything from android smartphones up to linux super computers.

 

 

According to a 2013 report from W3Tech, approximately 65% of all web servers on the Internet utilize a Unix/Linux based operating system. We uncovered a bug that impacts all Linux platforms, including mobile devices, and we’re calling it “grinch.” Fortunately, there are ways to detect the exploit of this bug in your environment until a patch is released.

 

definitely something that needs to be patched quickly.

 

 

With an approximate 65% of web servers running on Linux/Unix the threat of this vulnerability cannot be emphasized enough. Major companies which run their services on Linux based system will be affected include the cloud servers of Amazon and Microsoft. Not to mention the half a billion users of Android around the world who stand in risk.

 

 

On the bright side, the researchers also denied any news of this vulnerability ever being used so far. So no major damage has been done. It is advised to restrict user permissions on your Linux systems and also monitor user activity until a proper patch is released.

 

but hey no one has reported it being exploited yet. give it a week (if that)

 

Source: http://www.techworm.net/2014/12/linux-grinch-vulnerability.html

Source: http://www.pcworld.com/article/2860032/this-linux-grinch-could-put-a-hole-in-your-security-stocking.html

[Tataffe]

[rockking1379]

 

 

no no no, gotta blame dinkleberg

[Thony]

Dont we all know that everything and everyone can be hacked on the internet ?!

U cant protect your own poo today unless u encrypt it, store it in a box and dig a deep hole and only u know where it is...

Digital = vurnable...

[Wardojack]

Dont we all know that everything and everyone can be hacked on the internet ?!

U cant protect your own poo today unless u encrypt it, store it in a box and dig a deep hole and only u know where it is...

Digital = vurnable...

But this is a major security flaw that makes it easier to gain access to a system, it's kind of a big deal.

[Darkman]

Dont we all know that everything and everyone can be hacked on the internet ?!

U cant protect your own poo today unless u encrypt it, store it in a box and dig a deep hole and only u know where it is...

Digital = vurnable...

No man, the FBI has these things to find the two shits you give. They want all of your stuff now mannn....

[rockking1379]

Dont we all know that everything and everyone can be hacked on the internet ?!

U cant protect your own poo today unless u encrypt it, store it in a box and dig a deep hole and only u know where it is...

Digital = vurnable...

yes digital usually does mean vulnerable, security is an illusion. but that doesnt negate the impact this could have

 

But this is a major security flaw that makes it easier to gain access to a system, it's kind of a big deal.

really bad security flaw. hopefully it gets patches soon

 

No man, the FBI has these things to find the two shits you give. They want all of your stuff now mannn....

they can have it when it leaves my warm live butthole

[PhantomChevron]

Wtf is going on with all the Vulnerabilities right now, this, Sony leak, Sony being a complete pussy.. Dafuq is happening to the work during December 

[rockking1379]

Wtf is going on with all the Vulnerabilities right now, this, Sony leak, Sony being a complete pussy.. Dafuq is happening to the work during December 

just december? shit this year also had poodle attacks on SSL, heartbleed on openSSL, shellshock on bash. this whole year has just been shit for security

[_Rocket]

The article is terrible, but at least the linked source provides some insight.

I haven't seen it mentioned, but if this is the CVE-2014-9322 then it is a local privilege escalation, if you can be affected by that then you have more serious problems at that point, or maybe it can be useful for rooting android phones, i don't know... but i guess it makes for a good clickbait headline.

[rockking1379]

The article is terrible, but at least the linked source provides some insight.

I haven't seen it mentioned, but if this is the CVE-2014-9322 then it is a local privilege escalation, if you can be affected by that then you have more serious problems at that point, or maybe it can be useful for rooting android phones, i don't know... but i guess it makes for a good clickbait headline.

from what i understand of it it actually bypasses all privilege check measures and allows an exploiter to run any commands they want regardless of the user group the exploited user belongs to.

[Blade of Grass]

Wow, it's scarry to hear that so many devices are vulnerable to...an exploit that requires the attacker to be authenticated on the device? So it's basically just a sensational article/title.

[Toddwjp]

Wtf is going on with all the Vulnerabilities right now, this, Sony leak, Sony being a complete pussy.. Dafuq is happening to the work during December 

 

linux/unix vulnerabilities are identified and patched all the time. just a couple of high profile hacks and more serious vulnerability have raised awareness.

[FakezZ]

But this is a major security flaw that makes it easier to gain access to a system, it's kind of a big deal.

Lol Windows has thousands of virus and nobody bats an eye. A vulnerability for linux is found and the world loses their mind Seriously though, this is probably gonna get patched like really soon so I wouldn't really worry about it...

[Hatsune Miku 「 」]

Closed Network Systems are nice.

[Wardojack]

Lol Windows has thousands of virus and nobody bats an eye. A vulnerability for linux is found and the world loses their mind Seriously though, this is probably gonna get patched like really soon so I wouldn't really worry about it...

Viruses are a different story, it's your responsibility to protect your computer from viruses, we're talking about a major security flaw with the operating system itself which could potentially affect all Linux-based systems.

[FakezZ]

Viruses are a different story, it's your responsibility to protect your computer from viruses, we're talking about a major security flaw with the operating system itself which could potentially affect all Linux-based systems.

Well to my (i will admit limited) knowledge about system security, most of the time viruses utilise a security flaw of the operating system. 

[Techteen14]

just december? shit this year also had poodle attacks on SSL, heartbleed on openSSL, shellshock on bash. this whole year has just been shit for security

Not to mention the, what, four major credit card hacks over the last 12-13 months?

[TAK]

.

[colonel_mortis]

This vulnerability seems to be one that won't affect most sites because to use it, you need to be able to run commands on the remote server, and if you can do that then the site already has some pretty serious security issues. This vulnerability will be deadly when associated with shellshock (which allows remote code execution), but I wouldn't go so far as to say that it's bigger than shellshock (especially now that the majority of significant sites have now patched shellshock).

According to http://blog.threatstack.com/the-linux-grinch-vulnerability-separating-the-fact-from-the-fud the 65% figure is a long way off the truth - most linux-based sites are not vulnerable. The techworm article that you linked seems to have a pretty considerable amount of misinformation in it.

[Wardojack]

Well to my (i will admit limited) knowledge about system security, most of the time viruses utilise a security flaw of the operating system.

Not always, a virus is a price of malicious software that spreads itself just like a real virus, they don't necesarily exploit flaws in the OS, someone may just be tricked into downloading said malware thinking they are downloading something harmless.

[FakezZ]

Not always, a virus is a price of malicious software that spreads itself just like a real virus, they don't necesarily exploit flaws in the OS, someone may just be tricked into downloading said malware thinking they are downloading something harmless.

Oh ok then. Thanks for the info btw