On Tuesday, January 19th, 2016 Nu.nl published an article (in Dutch) that a critical vulnerability in Linux was discovered which threatens PCs, servers and Android devices. Of course we have investigated immediately. Only a few 1A-servers are vulnerable and the impact is low.
Background
Basically Linux exists of a number of components:
- The kernel. This component is responsible for correctly handling the hardware and communicating with the operating system.
- The operating system, also called “distribution” in Linux. This contains all the basic software.
- Applications. These provide the functionality of the system (such as a Web server).
This vulnerability and 1A-servers
This vulnerability affects kernels from version 3.8 and up. Most 1A-servers use kernel 3.4 and are therefore not vulnerable.
A few 1A-servers do have a newer kernel because they have newer hardware. But the vulnerability is a so-called local exploit. This requires local access to the 1A-server to be able to abuse it. So the probability of abuse is small because only employees have access to the 1A-server and specialist technical knowledge is required to actually abuse it. Nonetheless we will still fix this vulnerability in the coming month.
More information about this vulnerability can be found on the website of security firmPerception Point »
Author Richard de Vroede
A perfectionistic Jack-of-all-trades who dedicates all of his passion to his work.
More by this author
Did you find this interesting?
Please take a moment to share...
Do you want to receive regular e-mail updates?
sendSubscribe now