Linux & Open Source - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Linux & Open Source


Serious Linux Security Holes Uncovered and Patched



 By: Steven Vaughan-Nichols
2004-02-19
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Linux & Open Source story.


Rate This Article:
Poor Best
Two new virtual memory security problems were found in the Linux kernel on Wednesday and were promptly fixed.

Several security vulnerabilities in the Linux kernel were uncovered on Wednesday by a Polish security group. The problems were verified by Linux kernel developers and then fixed with a set of updates.

The Polish security non-profit organization iSEC Security Research on Wednesday released an advisory describing two "critical security vulnerabilities" in Linux 2.4 and 2.6s "kernel-memory-management code inside the "mremap(2)" system call.

The first of the problems, called "Linux kernel do_mremap VMA limit local privilege escalation vulnerability" by iSEC, could have enabled a cracker to achieve full super-user privileges.

With the super-user authority, equivalent to Windows administrator mode, a malicious user could destroy other users directories, plant rogue programs or trash the entire system.

The second vulnerability, dubbed the "Linux kernel do_mremap() local privilege escalation vulnerability," could have with "proper exploitation of this vulnerability … lead to local privilege escalation including execution of arbitrary code with kernel-level access," the iSEC advisory explained.

In short, an entire system could be disabled or hijacked.

Resource Library:

However, both vulnerabilities could only be attacked by local users with Unix shell access and comprehensive knowledge of how to exploit these vulnerabilities in Linuxs virtual memory manager, observed Martin Schulze, Debian Linuxs security expert and a director for Software in the Public Interest Inc., in a statement.

Although both the security holes were found in Linuxs virtual memory kernel subsystem, they are not related problems, according to iSEC.

Both security problem were fixed on Wednesday in the latest versions of the kernel: Linux 2.4.25 and 2.6.3.

Linus Torvalds, in the linux.kernel mailing list, said that the issues were "fixed in [versions] 2.6.3 and 2.4.25 (and, I think, vendor kernels). Please upgrade if you allow local shell access to entrusted users."

Indeed, Linux distributors, such as the Debian Project, Novell Inc./SuSE Linux and Red Hat Inc., released patches on Wednesday. The Red Hat update, for example, addresses the vulnerability uncovered by iSEC as well as several other issues listed by the Common Vulnerabilities and Exposures project.

iSEC Security Research was involved in another recent discovery of Linux vulnerabilities. In January, the group disclosed several holes in the Linux 2.4 series kernel and developed exploit code for the vulnerability.

Check out eWEEK.coms Linux & Open Source Center at linux.eweek.com for the latest open-source news, reviews and analysis.

Be sure to add our eWEEK.com Linux feed to your RSS newsreader:
http://rssnewsapps.ziffdavis.com/eweeklinux.xml





  Reader Comments: Serious Linux Security Holes Uncovered and Patched
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Linux & Open Source Articles          >>> More By Steven Vaughan-Nichols
 


xv㶲 ;^+(}LR/ٖmؖn,-$MR~yyƯ oВ/L;i["PU( |Aȹ3"9)ٝfߧG,zIj|݇@@ezNULsJԶnT7n[#3P/a᳙(,Q  tjGt0]2hԵk2"gwek/cߨY`&`1ZlR!j 9i?۴$)OÁh] >QQMږy@6ՇH;*7܉x8ѽ/DeO^b&{Bq85;^7Ӄ2`~|!k`TOm}OkMmW ؓ ۭ@5lvy!rs#g ݻHݤoQؓIuhlUD`iRi13 LmC1kkRը>lYG|ݑ|YCXw:Qt æq/#!_TBp` FRBm Olˇ;)OE[Uֶg5]q;ܙcgtZENX*o~cn!LjXEsؗ}Yͼ`F3l˸;4 @SKVUBX)ځQrӽm˙=X8ӼN>ϿvϕiR^Ϯr$(֝[` mKIu]+h5u9yи} d}#5UJ`Z. $_c::fv}j^ ty[ԊhZAAvInaԳ| 3+i3*5dvw,?[Zu"uuY6f0ZhCA+tW?C;ˠjqsr||qӾZ]d/#t2 +?9VV'_ZUCp='^=v&6b M u ô|WVK5I}Dfsr"޺tx>"9Io G|;&. !=Ow| nr2GrI/]o$$̛cM|I`6M2T~`]Nj__ѬZxk~ 4+@_x0ND5#fMs,eg{0AM)61p9k 3!RBʼĿIK _VPJB-)\D7h+Ԍ$ٛ"G;ž_"ʥep1S{.Ӱuirq]7+De., s5-wfzaZTpx3jO׭cҽ\v;6O[0*>cq4Y`A-. 8ǹ:on:jr-6RA^Tjr[hc2ud8԰|A'ILlR莓x>:AGAticšh4ά@7h`C=҉:L w|hx:4,Ab&a`M?F#m| &>r\l 8d$(sw[L, σ5]ѽ:? a#0.Zm{$8ʼ E]ub3Bݷ|{ 閭,L<ģ̠>L(~~9-WRC/0z""D% T h4AEENA7;.VKŤ\*y"JM':ݑWKRx&,S,BV-KᗄPf%i2mhƪń(VFNl(0Vf)t:>{j -j&;_&TYWCxz#oՒhMb1vn g%A qsGIݔ6 [IFlp|S kQDSOX<}:ϣ )a!c"S+}ne@IUU[13R%x#e\46L XbOFSF KמO,.,{KIkyMّ.R\|rjN Y=:=4̄+uh'T-{>wZB_ua֚?ΆRP՘$GP/#[յ /Q+wڶ{Mt]QGq,bj\X,~ɯ‰5j1|*j0&B$V0l^/}kьV4:E809N܁e-uG6$\]Pr)SLZ06Aae呯^t8#P& ,#E .2 ZC `АBrAa T+S//' 7]@.&D~Ê?DNRcK=.C+DÜU^oV8;OjZ(T+19ɡUT9(J8;|%ZAg~~Ȼ8 iJ @g}}90?O?ogRJo/>^J3;|b2,` |"yd ėaE*uj |JZYPIb+ģYV WMUpn`{y~t=GhxZ `i@%p LM{jJwg ` Z7~,p,3YZD]bRYEG?voqeM)Dkp?F]S؇Qgm/RU *~eu^ߜmhDA` Нv;#ؐCKA;fVS8o|렀6RaMxތ9"yea@WIlJhLwh]-Qm(}gױgQ#M8^&&>ϣ*騫VJe2&0ʃF5c; [ LلY6Z ƚ_AFp5xl==CݸM_,YEn;&}+琩ksC/)ɹ%wA֮NZPn3i`$ezP.xY3'Gu"M."́08h} 2"an ~/I7a%|[JI) `uVDZ)~9HǞ1|]ܩe>t1G;*}z)cʌEo(SYmq'&F.҄^\fvmvLTSdPRaƭbR/\f ?+:TfDU5}5Oӑ?>nVɵGZV/fIRTP]\|T7MFBR%%^ͳqAɂ]AӀM\r8khs)p}/O&PFzMʵL]8TV<^ۋ}953ף~@Lf@= P3)&tƝ7/Tcfa2J({`\&LXu Z:LT)OLJZZ$|p`Ft"qT2NrfWϊ۫qT0lg筓^hy# @$+^s!\4OۗKG5?w@ۗ-)^s%z0W&eax!w m~?q%՝b"fw?BٸEO,,m'SsS)y# m$jRSfj# $_2 I,v+htlAW jÚmf /.i_n6D20@u\f0 `qk5É@P V- QגZ4ҫoeW!9 lj9l0`&0>9˫|1{~U*۞L #H1Ń O~ؑq eީӊNf|vu+KׅNo͗>W}3kyR̵jПs2]c>^Y ]s>ͥ=`8M\gwhG(V=w9c2G4aϝUkݮ< #3Cӝ薃(&q\vzyk]ar؂.cAI#Q>j 2'|8niamǡ8 0Nd$4P$yUZ/WU $]ve% >Yx2&n]%3 =яki^x̠t8s {~{!.u?.y ᛟuϯ2i%~WJ]݅[i}D)]K5"vًKqɧyeQjȓGD6K`#iv.R;+!bi4V;Tn{dskH:>dO#@/lvp6tY ~AXy Vrl8Grs&8<#P` ܍)³$`GDA|ég6A jm Z0\9f> V2ÿ&qFL=9bμ1$aɂβ kA>s丹Bld5=exu9NS^>vc"Ql= ގmEySQjh'yYP1~ dBwfzKL1Dq { $!L`3Q|#2 )<4j^jA==o.ufԝ"9·u,aR4]v9w}Q<H Obx<;n29ڟ~y"UO~uC*g rէBO!pHG,bϗ?M|{Q7q.DlB7 5]OT&.QGc}؈'iL5%m_70 F2ȌI{$Z$~ۜ"&V%lȗ/檅Hn qe4D- V9a ÛG,TB8o^ !-AcWyIKIy7?7?7?7?[ZmI,oՒtN 3tEݩMq.rM}0YvHW}$v,^D8$gõ~iak۾Q.;po} W3B$$ O!=MqmlZkQ$xiғZ)+קbIٕ^N#`WH h\y$HV/ P+L4 k;-4`ћ kk3&Xh҃9 ƛgR" rupZ6&B$Xg"gZAQ݇)#됂6\>{1eV&&J4-7:iO>ecj_!|nQMXKZ€c]^aJk ΰ| CʍcQ@Z?̴ܯ<[S!֯9d£Yg;_HJΡWJZ ɑ;v IK6R{ְ&LSݶHfojeQiH:-FY>'"~?A* nO2#a{4KXS\0k[긯 7va6FʋvLGMQXCLS8VD  /I?I5?O:ߐ&dQ?(p [O/q'H|5& GUp6ב? ~Emw tPb!O4#|.IA"6,A\ۦ,7jNsu.K(aO4>(C^PB^]’M=1I9ꊚbMWo@€!~5SZ} O]c)Iˋ}AE!Lj}AKfRכa~˰ES,Y޴K11\R[lRSWK.}KBG2KN+ߥtW T ik"r\IA$NPiѽg UP+$40+N0+i15hshCy=Vz^3ZkX;Xifkyb+n'-;M9ܬXMOܮG܀cmQNaDXoӑ1+ d9ZƒM)RӰp-#|ri?NRUzF"Adko)A;+j1 w5k tPfĸ/lu+^Rc"Wc -|29 ^+_aci;t]ktK3>3B;s^?busι\`{Qɰ|oEZ`3+nslKZIȶ8+ilwAFy7H1tNtGw,}@8(c=сHSjX:N#F¯RވfZh#nO5 UrMu "9;rZ#ZNHp5J311iL(Z@>+pS C7R,6$Ae5T?0Խ' ) 5 oUi_8AnIe6Ť>F,w'=&`Cq OMrtFwe\S{;[8/Vcx]N(F>'yk]w*<>wg-d= ol̛8D2}93og'Y1}Fs6$EuE)dbP-=2ءtcp:\oX|J7>B8!i?ח]0Iݾ`?À3{TZ"GeR1@Q>ɹeMNZpxXҚ0! YC) Q?\Ϣ"n#BLk83DD#^r {fĄfP A=ӾbbWoP$P`+wdc||9+$v˯@D3t]\VP*@H>S|??&~ϳC(nbJ ͍$u~g6G`6u}`EP00a|Lo'Ӄ~?]u:PLA%NnldaQ({b8M td.3#sRC´vxX->>& .ycI 8^yN4X+M7,X2| =܇>RXX_1[> MꪂOJBveX &zıkwy}KYV^*ߔӄ^I+\A] / PIZ  W{}G=`fm %WW_I4uEG^sI[<#m[8j?V99\}9i_ۗ=L0y?kyl2/*˙ΒQ9l^28ΈksYx9% y*w8l"fg$ڽG(%lFyї51o&Ll+SJ=VeS+{_?gg:^ZSrZOm ӦkuR\js$ )nu:e+MjV}QyxQ3Q+Q~ ˏ͌w2ʑ{ˏǭ#(?Z_~9ɠ)4vq^_>5пvF?Ӿ(3s7Qʿ/?/n/2Y\d"?/?/2e2P9 2(rˌ̐Kˌ@;dN~+x*k  7_/z@/?}P9g @MV9M@7d_ryʛrּ…)aFy)8RErXB]dנs\ȜHǣWɴFVی )` Ӯ7'%Y#/ܻ Gz‰nQ'L2f~<ĎrnOArr m>v#y_b^{P[Йq|ޢD)Fyk@-g&m\ŠMC7ao/aKZö`ZG;o=2db)049Khwm=ƾw<A[%Gcx-ȷ:ѧ^]F.=zB΄[W騿}sR%u L P8> XC,&lybmb+ H|r[ '$}C 'r!>pYFG`BO^zI{׻rDLa\Dm8JNJ(p0IASVNΊ{l%xLŒkX5m&Ĵ`Ջ⣍A{=0ƉF3Fo"9݌S*aѾ(Yen8݈qe@(e6Lm (~%6,x$(|v@- q[8 7tgG=םPĚɕ]ݎ;S'/Հm'|,$ fB~Ʈ3.},.[WY`_GFb+&SVkͅ*q.w ɰ\,Nd=:tzCʨ;bAoN[a>$VSP}XGm:Zd7:~PqW< 6LG1 (P0@;Cf K,h :BQF&A}F垓$gg_5b Fy&b3@p6+,D*9"Qo P @EikA/?jwH3ۉd , o9i3X:9Am'{';*lٹ ˜0J1Д8ٶ2COA#t ke[ O"C24a)fzc< 9znG}4צJu A]=_vs[>/'_uGW]Q籺naJWt{]!Kb !CNҶ\)Vbʥ.Sܟ=Ba҅fHEk,^zeXٽ"'PshՆG0^q۷KRl@ swS az ٝ˶ E=b농\ ѨpSTVDǮ3^mǺgymDmE>m+Ѝ5iO1igNbkcgb@xV=f_qxN|,ة9uVRdGB~Dda'Z-*?҂g' Q\F$/(ylHbK9m5'0X1'(R9K&t&0 'Ɣ ϰO"- s+׶9),#w:g)O|^}]x 0gWPR X -f1%IDb88)ҡCAȞB >eS7@n0\|_ d[\Oօuv\j/bY4~>r*r*]xD4NbŠ bRVy|ܾ۝NE^8%܆mJ@U&s)# MWb\)M9Q/;V&|Z2c{͵N_ l2W*,