Linux has had a huge bug for nine years

A huge bug that gives untrusted users unfettered root access has been sitting in the Linux kernel for nearly nine years, and no one noticed.

Now it seems the hole is under active exploitation, according to researchers, who are advising users to install a patch as soon as possible.

Dan Rosenberg, a senior researcher at Azimuth Security, told Ars Technica that it was the most serious Linux local privilege escalation ever.

The underlying bug was patched this week by the maintainers of the official Linux kernel, and downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important”.

Attacks exploiting this specific vulnerability were found by Linux developer Phil Oester, who discovered it using an HTTP packet capture.

It took him less than five seconds to get total control.