Serious Linux Security Holes Uncovered and Patched

 
 
By Steven Vaughan-Nichols  |  Posted 2004-02-19 Email Print this article Print
 
 
 
 
 
 
 

Two new virtual memory security problems were found in the Linux kernel on Wednesday and were promptly fixed.

Several security vulnerabilities in the Linux kernel were uncovered on Wednesday by a Polish security group. The problems were verified by Linux kernel developers and then fixed with a set of updates. The Polish security non-profit organization iSEC Security Research on Wednesday released an advisory describing two "critical security vulnerabilities" in Linux 2.4 and 2.6s "kernel-memory-management code inside the "mremap(2)" system call. The first of the problems, called "Linux kernel do_mremap VMA limit local privilege escalation vulnerability" by iSEC, could have enabled a cracker to achieve full super-user privileges.
With the super-user authority, equivalent to Windows administrator mode, a malicious user could destroy other users directories, plant rogue programs or trash the entire system.

The second vulnerability, dubbed the "Linux kernel do_mremap() local privilege escalation vulnerability," could have with "proper exploitation of this vulnerability … lead to local privilege escalation including execution of arbitrary code with kernel-level access," the iSEC advisory explained. In short, an entire system could be disabled or hijacked.

However, both vulnerabilities could only be attacked by local users with Unix shell access and comprehensive knowledge of how to exploit these vulnerabilities in Linuxs virtual memory manager, observed Martin Schulze, Debian Linuxs security expert and a director for Software in the Public Interest Inc., in a statement.
Although both the security holes were found in Linuxs virtual memory kernel subsystem, they are not related problems, according to iSEC.

Both security problem were fixed on Wednesday in the latest versions of the kernel: Linux 2.4.25 and 2.6.3. Linus Torvalds, in the linux.kernel mailing list, said that the issues were "fixed in [versions] 2.6.3 and 2.4.25 (and, I think, vendor kernels). Please upgrade if you allow local shell access to entrusted users." Indeed, Linux distributors, such as the Debian Project, Novell Inc./SuSE Linux and Red Hat Inc., released patches on Wednesday. The Red Hat update, for example, addresses the vulnerability uncovered by iSEC as well as several other issues listed by the Common Vulnerabilities and Exposures project. iSEC Security Research was involved in another recent discovery of Linux vulnerabilities. In January, the group disclosed several holes in the Linux 2.4 series kernel and developed exploit code for the vulnerability. Check out eWEEK.coms Linux & Open Source Center at linux.eweek.com for the latest open-source news, reviews and analysis.

Be sure to add our eWEEK.com Linux feed to your RSS newsreader:
http://rssnewsapps.ziffdavis.com/eweeklinux.xml

 
 
 
 
Steven J. Vaughan-Nichols is editor at large for Ziff Davis Enterprise. Prior to becoming a technology journalist, Vaughan-Nichols worked at NASA and the Department of Defense on numerous major technological projects. Since then, he's focused on covering the technology and business issues that make a real difference to the people in the industry.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel