Jump to content

allwinner kernel root exploit


Baos

Recommended Posts

 

What troubles me is the majority of brain-dead comments there and the fact that people post links to articles they don't read/understand. Did you realize that the very first link in the arstechnica article is http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/-- obviously not.

 

Just to spread the word: It only affects H3/A83T, it's not a backdoor, it happened intentionally to debug stuff (and maybe also to provide an easy way to root Android devices -- normally the first thing Android users ask for) and it's a good lesson why relying on vendor kernels is not the best idea. 

Link to comment
Share on other sites

What troubles me is the majority of brain-dead comments there and the fact that people post links to articles they don't read/understand. Did you realize that the very first link in the arstechnica article is http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/-- obviously not.

 

Just to spread the word: It only affects H3/A83T, it's not a backdoor, it happened intentionally to debug stuff (and maybe also to provide an easy way to root Android devices -- normally the first thing Android users ask for) and it's a good lesson why relying on vendor kernels is not the best idea.

@tkaiser

Hope you don't mind a noob to Linux saying that is a very honest informative reply you give.

 

Looking back at recent Linux history reminds us that security is a ongoing work and never stands still.

Edited by theguyuk at 2016-5-12 03:54

 

 

 

Looking back in recent history reminds us it is not only Orange Pi that has had security problems

 

 

Michael Mimoso January 19, 2016 , 7:47 am A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added.

 

See more at: Serious Linux Kernel Vulnerability Patched https://wp.me/p3AjUX-u9J

 

May 5, 2016 , 8:00 am

Five-Year-Old Android Flaw Exposes SMS, Call Historyby Michael Mimoso

Categories: Mobile Security, Vulnerabilities

A five-year-old privilege escalation vulnerability in Android disclosed today affects hundreds of different device models going back to Jelly Bean 4.3.

April 18, 2016 , 2:11 pm

3.2 Million Servers Vulnerable to JBoss Attackby Tom Spring

Categories: Cryptography, Hacks, Malware,Vulnerabilities, Web Security

 

Cisco Talos said that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks.

February 22, 2016 , 12:00 pm

Linux Mint Website Hacked, ISOs Replaced with Backdoored Versionsby Chris Brook

Categories: Hacks, Malware

 

Attackers managed to hijack the website of Linux Mint to push a backdoored ISO version of the software to users over the weekend.

February 16, 2016 , 12:00 pm

Critical glibc Vulnerability Puts All Linux Machines at Riskby Michael Mimoso

Categories: Vulnerabilities, Web Security

 

A critical vulnerability in glibc, the GNU C library, affects all Linux machines and many web frameworks, opening the door to remote code execution.

 

January 27, 2015 , 12:55 pm

GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systemsby Michael Mimoso

Categories: Vulnerabilities, Web Security

A critical remote code execution vulnerability in the GNU C library glibc affects all Linux systems going back to 2000.

 

 

Link to comment
Share on other sites

What troubles me is the majority of brain-dead comments there and the fact that people post links to articles they don't read/understand. Did you realize that the very first link in the arstechnica article is http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/-- obviously not.

 

Just to spread the word: It only affects H3/A83T, it's not a backdoor, it happened intentionally to debug stuff (and maybe also to provide an easy way to root Android devices -- normally the first thing Android users ask for) and it's a good lesson why relying on vendor kernels is not the best idea.

I have read it again and still do not see your link. mobile version. I posted because of the date on the article of May 11 2016. I wanted to make sure the exploit was not present in what I am using. I had a lot of issues with similar linux exploits in the 90s. For me it is the fear of worms and backdoors.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines