Linux & Open Source - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Linux & Open Source


Serious Linux Security Holes Uncovered and Patched



 By: Steven Vaughan-Nichols
2004-02-19
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Linux & Open Source story.


Rate This Article:
Poor Best
Two new virtual memory security problems were found in the Linux kernel on Wednesday and were promptly fixed.

Several security vulnerabilities in the Linux kernel were uncovered on Wednesday by a Polish security group. The problems were verified by Linux kernel developers and then fixed with a set of updates.

The Polish security non-profit organization iSEC Security Research on Wednesday released an advisory describing two "critical security vulnerabilities" in Linux 2.4 and 2.6s "kernel-memory-management code inside the "mremap(2)" system call.

The first of the problems, called "Linux kernel do_mremap VMA limit local privilege escalation vulnerability" by iSEC, could have enabled a cracker to achieve full super-user privileges.

With the super-user authority, equivalent to Windows administrator mode, a malicious user could destroy other users directories, plant rogue programs or trash the entire system.

The second vulnerability, dubbed the "Linux kernel do_mremap() local privilege escalation vulnerability," could have with "proper exploitation of this vulnerability … lead to local privilege escalation including execution of arbitrary code with kernel-level access," the iSEC advisory explained.

In short, an entire system could be disabled or hijacked.

Resource Library:

However, both vulnerabilities could only be attacked by local users with Unix shell access and comprehensive knowledge of how to exploit these vulnerabilities in Linuxs virtual memory manager, observed Martin Schulze, Debian Linuxs security expert and a director for Software in the Public Interest Inc., in a statement.

Although both the security holes were found in Linuxs virtual memory kernel subsystem, they are not related problems, according to iSEC.

Both security problem were fixed on Wednesday in the latest versions of the kernel: Linux 2.4.25 and 2.6.3.

Linus Torvalds, in the linux.kernel mailing list, said that the issues were "fixed in [versions] 2.6.3 and 2.4.25 (and, I think, vendor kernels). Please upgrade if you allow local shell access to entrusted users."

Indeed, Linux distributors, such as the Debian Project, Novell Inc./SuSE Linux and Red Hat Inc., released patches on Wednesday. The Red Hat update, for example, addresses the vulnerability uncovered by iSEC as well as several other issues listed by the Common Vulnerabilities and Exposures project.

iSEC Security Research was involved in another recent discovery of Linux vulnerabilities. In January, the group disclosed several holes in the Linux 2.4 series kernel and developed exploit code for the vulnerability.

Check out eWEEK.coms Linux & Open Source Center at linux.eweek.com for the latest open-source news, reviews and analysis.

Be sure to add our eWEEK.com Linux feed to your RSS newsreader:
http://rssnewsapps.ziffdavis.com/eweeklinux.xml





  Reader Comments: Serious Linux Security Holes Uncovered and Patched
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Linux & Open Source Articles          >>> More By Steven Vaughan-Nichols
 


x}v6EW-mĶ<$!);[7]hvwĶDTP( I"nZΘ\̦dwꚃ>CK$wB}NUQV C7((bP<HwO7n[cQ0Ra᳙*,Q  tjGt0]2x6;k:&o4veki cߨ_[&``1Z|R!ۗ#: rWӺ'A8i @I>R(CѺQQyIږyH6EGJ;ߣ*C7 ݩx8/DeOd^b{Aq45;^;0k~BQ5w0NK <[w@Sա*v25vk>6^:6 ȅC׷z$nRvn7o\ 205I2Z [XdTZ ӡku8r 08juj=nfO-n@w(\'p}j F1 9,!\G0/<mCɤ:ZdQ}9e, f4öCCٰ5RrXJyy/^yxx(>X>>[8^pF_{JU4Eٿ]uί $(֝;p m+iu]+i0n{'Wݏ틋wy@.{A~$Fj}&UJDZ-i& 0h!5&tt<_B^,9DFI?nn/4E;J KHs = (2,#uGҾoo:6鷏Ϗn:Sdo̲1<ZMӀ Zvb!?[ VӓkIGN7s!+|rg>!5M0\̱¬:֪׷V1?!&@"rVJze_R ~8?]$?]tIAұ,O/ `HםBm۲ܾ*BZKE3ReQ So,nHˤd8[&r* ߱n^S@7'h脺f-Mn #dLi|]Y1p3Z&T23}MH5ņ])!exFS{mZ—W/(AK/ ڊ5|*(if){΀/3A.r)i" 6=aB+^뻹(4l=j\GgQwWڲ9Q[ kK\M흛ǘ\z댛VMW.~lz6LqJjhX.B2iKB0.pkꛛZG_@r /*r[h 2ud8԰1nґ>âx tSOC|>56㤞F!|БdmxqZ.s+ԍEXn`Nth Q٭lE%_¤< ) FA=H:}mP`~5$ǎ@ L=s'08ɽ5E0ݻCi`y1&=զA{ Tgg ,zC lm^l}h`1 >5g%G@i0xzODȧ$D!-i]R@Az< -,rr4 |?#!bRN[ '9Rt{B#R\)̄rZ z)2ٜʬ$3Mf X*ȉ#o"0%X ,gZ Xk5Ʋ fj~iڛ,Â%1A.ϼG36I `0ED$%\Ew,Of>zn8 DŽs 0aEiŬ9c 9i|X#D ݜZ,'1!&B~aZ&4" 7q9yE"9a* ,q;rׁfX8ȣ=p TfҬ|rY۶i \MMUPS7˕L<+׬UPM g2)*[hs<8:[(O7\EYbꞦ৚qH1g0d0{V@q=1S7RtZC+>q^i.;[@Oe]Zr{Q^ӛA'~. B[+ҞY%9&ےx A-ʘŗZZG"JP>V "Cɧ8$&le6LE?in Py\{8`O7l{`(`R5 )KbW4E%sXf&`ܱ &P wS~8;[0P!k^φVu<]|$==r;C6g cp>x>JeHכAB CO5,&ff:X[' +ȁUzqg0읶ׅ]%/_(̧76i+Co{LsCm0 G "˞#{W+HLZ`!?ՊRRՄ4i/#Y /m0ܑkC>aD6#ΜD(-CZ!3 O.4uD8_-OAM&4%qӠ8TUƮnssQ*/K7+ f)R'HV/굄ЪZZfAq{ 8pG#}y>W&~qj ,2,~RһAK>snW.}O>xN¢ '-h'^+0ZN *J"2ByQihw\rR2 S#<|~Ɋ0 ClWõX1 pWPV}8uO##cYe:@ݐ늦 ?K;+^W" V@Q# A\=!< '`QtEa:NiBwHyZT9֊N`έ(D apሙ@FCS؇`m/RۯTڞuN"X썿9KCbQD i^p J';pLjg %Jkfx+sJbOW2EDExkC鳨ݙY$8MGFi$]k|[P vfȭ>N6N1L Ma}QD ϓ1W5 d,fqNg0cp&vN{5֡,)3?t\:ktx{z&;wtn'X qLC-oZ# d0=̞̝A mۨX9)6?b(_J`Y V8g{}Dp懿ԫ0짜wJEVK`zցDZ%yHǞ1]]2Yޘzֱ4> ʀ>hxG2cdYJhUm{\ c{2|]>_&I|SeYȣV)+Y+T\U񋰷8C+`-XRj#L*"o&ŏ[o(urvOG~T>UʠˏHU*J5}Ur=)i7xџ6YD+(++i-Y2}a mD[& 4wʨKu3[*X>DД4Ϩ;Rb i kGQh-BwEj `3W?f44َcpDM?ҁh)03fMٸUJ0iuI+KZ̡=2f{cV$ƾ.ܓG\\׆hoy!?"X7Swgtṡ) RfCZִ2hw ĶVU 'D.-qC` IZVS"YKrvzJ5+dPe\xO+tSN`+T&.n߂B'+cI`UI`w0DR*MgFccb~f.VWv/(0h_hmdU]uv@Ώ.cI4O}ڽKŧ~::6? F&fB, 8oIŤ9}vntΤ6zv>G2DH#res%d}ܽxsՖҽNs5A DHKrBVë<Mti)qfڌ7MJ,#L_=ֈdȰ "APK}Ùb9ki.Dz=t_5g0T p- ۵cg#0 V`!1t|PVC (ʡ=`=`V鈓N)>\b/$VB 0F_Th)4zuSxv>޴8Sj7 EG/JN^v[ҷoDW蘧K7tEh[(kx,VbsZ;t/1?xԾ6Bz?$Y^3_{w jE pXIS"9oթ-xOӆO|BAJ;TLA:߄q?IkuYغ[LpA3:%Ib 5m$jZ3fj# $_:JI"v+hl(lAz׭ jSÚmf /.\m6Dr0&@v\f(Ӑ` q.@P)V-<(m1> QZ4ղoeW!= lj9l01!tQ^r^TSu&Ա™OH1D:n;WQ杊'cv,Q7&}Z9} DK{,i;;坠PFsgOɭ2 Xw= Zt Ud_Rxa9yhSr?r%W>i]7uja~%X@2oBOH4b5zÿ|뢧  r{k_=#g䢅q+ћ^P{20t[xؕvd{qO n<]1hn鐧4vlLcI")VԺ5w7`\8%'+wr62Ӣ @7YM (f~\;pOҠ%cc}d}ݸw[f1vifw ݷP%( >Q.=]awQ{]x͞6vYiEU.J\ -"PnǸZY|H%0)77 -,EBٳ>S4`@ LAj}uQjOj+( [m5#EŴR0%q^{@>u%}Č)#6NQ'BŨ=DfD!a!"=JJ9B7fnBwo@bʒRNО <2,|u脟6Z~ij H JJf !'Ipp4뙆 "ND'Ңb}IU%)^#/iZ! Vx ?xQiŃh#R\S1[ZNLZ \ƒ,Z q '_^Ms!lϰj}S-òLA3`&lxS*u{< H`$uX I oIuE-U*9*Rr#,YiD`_,"<'ũlʇW"a"Q(I,;RkB$zJe0&lU!^Ą0xC:F^R|"-"2lzsOPoU8qf;A߬h_3\\_괥~^W5@2 ff۷~e +Ks!|I-X{qvͧ:tʐn9ڟ=DY>ZWz[FDb^m}3uְZ"L$ &M0_ y"<"g!c}10F׀?P Xl<õ0)n.Kix9[6]Gx㩼uM13H|r֋9|v5S8CHGtksn߉k%vbjx`U`RuIU`ap|JbAsL|9MiZnuڞ|FվC.º\?Z҉>S仼x);׮i0M0G+7 Fh3roMd#`[[etlCwZhl~M-vvVU2gWk۬_g _sDW{PK =u<9-&/0ڬǛ[⼮wmYo ڌSk3"{A[of6௶aul:/35|`YmZۈYѧS.{WZZN nM96'uzl/X,Yf-e։5ƢV$_3b*NhV|7P2uQTKop#A$I`y|C [DpSȯO]x?f*nc'@ Efo{lqFyQwǶN8G˸v0P-%8ɠ)"(lßhF]"6,A\ۦ+B75Nsu®J(al4>(C^P"^]’{M}1Is9bMn@ע!~QRZ O]c)i+#ۏAE!Lj>A%fZןQɨE3, YK15\R;e\.he,zUdI+2&/ czŇRO&'Sj9椷 O=#ThZ| HU% & LGBGZk>Afm[3#mz^C GJk&t];xVy k+mLt[8Ow| e޼vsǹVUlƅ֝UؓRc-*);,1K[RA&Э%Sq܌v/.㽽WԄm$5DX#NgNtЩF;1CWIе6ARɠ{3EF-h>#Թ|A'b^o9g0cT2,9+?Xd_`9Ud[h, l rF@Yf>G, 5`vgV\o{~}C@>ܝ &1=g@Sыr4 g=Nc 'lI=R+6Č- [zqeC<1t8 ްnb75|$rkIC9Ҕ,%3۟ozʾR0F$u*C:΀ ZShiED#RhbGBc&~/7nrn[ք aNJ!9pbZŘ!&"c36#|5kE'l/u %5cZ|E"{X#&3)-+9x_A(W~H'U,rAS "PF: 1<;2ꥦH0^ofq) '.X`,2E<ep?,Gzaa2?y :RLAzy 6t(QS=1U&a2YM)s!aZ;:@QB<ⱴP <'/M7,Xzob @h),f,՚RD&u] !2,S=VJؿ<%yݬf/\iJdR. ?h$@F쌆=xɾx t0 c3brOtn0DŽO{CZ&Guӽ"G-¶V-j=uuO>w?v7>& s]|iKyl2/*f(H^.NQʩ٦ΘksYx9%E:w8lZdg$;G(%lFyї51ũ2M؂/LL)NNnڽOֆCz'>;eIc:j-\6~D(8iz67axKP b>^ Ȥou[9?C9B97P~)By79hp)?@Ar?/?坓BsS3r'? ͟{9埠 K2K{CKe}./?/s2?QFrsϡ<PK()+..n~ks޿rs ׇ9}}̡---m:Iʙ#gk\8=JW ͣ~TA__y+%iN>質9+f7_ΡsTh3*Я#Uߧdnldڹ>R+ ]q%=-{ᘴ[˺rn@Kȣ_xi +{ z@ⅇW4:<)X9vFnmkv9|,y|8SNtw<17 }^1 B8 v t{z*%.n }xL|uӚ޴ܞv<2kݫ++#BAf_b 5y?'OtVfw 4;) vbi3q*K7ýEy278 0׀[NxZnamn= `oZY=tfF}yP4lK%LBhDc H-L{HN٣8 an-g諡j:HÅMH|3f2ts`Ǝ4H jYj ~ZV-~#a3="BS]FTMVYi2ZUٯk%PPeh[v2joVS' yV8n[zQ"z5~B@-&1"/cA6of!)^ ~*Uv3:E(G2Ā)Ee ;+Llb@lJP wqg ̚W>&\ŠMCao/aKZöpZ;l=2dj Y(}`)049Khm&=Ɓ<A[%cx-ꞠW/3! 9oъ^\g>΅*K X-03IX|1@$b-V$G3x7X%05:%,-g3Σ>̆I ůD|݆p|{ n AnӕcX;qg "d`󛏅XLuf%2^;g~1Q>ಓ_[eF` EO]WvBaI3y=횽yfs(c89G}k-sO=%4Id`2b `wO 챧4Ήϧ%uK""H "s{B|%؄wjPn2!%؉GGД2\XSVT#cE \3SzA۹Fg98*!نIr3f[W1^F\|gȌQ)x>AR$~hBS2m-(Eǝ.r};{,dv/+0bŽϥOvHyU_OD.M?^!t#R.ڋOFې_SahlypI̮>LN>Ncc? `vwj9c˖) Mm+#84#<غ lQF޺%qm.a;+C&bf:γ@\W (9|d@loMûymj_ԕU`7g~*3VCA>p8C3`ܐ}oDI-C_xr:Y 96+-  `zMF6iژDR*,l'f , ~sf㿞9Qh~0r$c<[_Eڵ<oc3)+~`[t%(5x{v͆LVe؋$| _[0~XrJ~S.u 7tle @Jݰ mE73B*}X^c 0У,*059G5E6<]܈xjݾX gkOUxXURM)X7lRTFM[¶":qpxm;}k{.*l+k[ȅnTLxI;s__@>{zw1G[0rcfzwY='8KiJ epCdkZK (Dq] XNâȖWITR6!;կD?8- cĬ;fcXJ ,oԟŒ'TS*4.>Ͻn̯]2xDx\]oRL xW%(DzU]Z ^cdKX$_֬=LE")0ONg= zBLk|FXKWk 0qmr?{s\9,Cclʲcv9ä`=`Z^}]x O!0YdWPR Y -f1%IDb$8ґCA؞BTfƲ"7cP!Xd]-noB@:S .xBDZ,ɋ|P cyx ^ŧ$NSb0|:L+OK+R?a%Pt^kh?Xi/.;xH%H}Sw= ɳaFk;O(Uƥ9;(>^tooh/=j|vpu"Em9EKBޜ Tv>Vurҹ:KW{zv C&ȕ/g-F#-<#DYfCժZ-Nj|ۊ#iQg8&rYOr};7 D^4†mJPU&s)c MWb\)MCS9U/;V&|&Z2c{͵N_ l_h+