Today a very dangerous privilege escalation bug in the Linux kernel has been fixed. The bug allows an unprivileged process to gain root privileges from any application with a GUI.
It affected the x86_32 and x86_64 platforms and was reported to the X.org security team, who then referred it to the team handling the kernel.
The vulnerability was discovered by Rafal Wojtczuk of Invisible Things Lab. This is how Joanna Rutkowska, the founder of Invisible Things Lab, describes it:
The attack allows a (unprivileged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn’t take advantage of any bug in the X server!). In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system. The attack allows even to escape from the SELinux’s “sandbox -X” jail.
All Linux kernels since 2.6 are vulnerable, according to Rutkowska. Linux kernel 2.6.0 was introduced in December 2003, which means the vulnerability has been around for almost seven years.
Linus Torvalds has already released a patch to fix this, and it has recently been pushed upstream into the stable kernel.