Network World

Google discloses serious Linux stack-buffer overflow bug in widely used C library

A Google security engineer studying an SSH connection to a host unexpectedly discovered a deeper, darker secret in the GNU C Library (glibc). Google later proved that a bug in this library could be ...
Ars Technica

Serious flaw that lurked in sudo for 9 years hands over root privileges

Sudo, a utility found in dozens of Unix-like operating systems, has received a patch for a potentially serious bug that allows unprivileged users to easily obtain unfettered root privileges on ...
ZDNet

Android SDK suffers from buffer overflow and lack of hardening

A classic buffer overflow exploit has been discovered in the Android software development kit (SDK) that impacts all versions of the Android Debug Bridge on Linux x86_64. The exploit scenario involved ...
ZDNet

Green Dam exploit in the wild

An exploit for a flaw in censorware mandated by the Chinese government has been made publicly available for download on the internet. The buffer overflow flaw exists in the latest, patched version of ...
Threat Post

Patched Code Execution Bug Affects Most Android Users

Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions. A ...
Ars Technica

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating

About 10,000 enterprise servers running Palo Alto Networks’ GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10. Security firm ...
Network World

Kernel space: Details of the vmsplice() exploit

A recent Linux security hole allows local users to seize the power of root. We show the Linux bugs that came together to let it happen. Once all this has happened, control returns to vmsplice_to_pipe( ...