Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Researchers Find Serious Vulnerability in Linux Kernel



 By: Dennis Fisher
2003-12-01
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it.

Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it. An unknown cracker recently used this weakness to compromise several of the Debian Projects servers, which led to the discovery of the new vulnerability.

To read more about the recent attack on the Debian Projects servers, click here.

This discovery has broad implications for the Linux community. Because the flaw is in the Linux kernel itself, the problem affects virtually every distribution of the operating system and several vendors have confirmed that their products are vulnerable. The vulnerability is in all releases of the kernel from Version 2.4.0 through 2.5.69, but has been fixed in Releases 2.4.23-pre7 and 2.6.0-test6.

On Tuesday, one day after the vulnerability was disclosed, exploit code for the flaw surfaced on the BugTraq security mailing list. The code is designed to run on x86 systems running any version of Linux. Also on Tuesday, more Linux vendors released updated packages containing fixes for the weakness. MandrakeSoft and Slackware Linux Inc., among others, issued new versions.

Resource Library:
The vulnerability itself is an integer overflow in the brk( ) system call, which is a memory-management function. When the call invokes the do_brk( ) function, using user-supplied address and length variables, the call does not check for integer overflows when adding the variables, according to an analysis of the problem by Symantec Corp., based in Cupertino, Calif.

According to Symantec, this weakness would allow any local user with shell-level access to the system to escalate his privileges to root. This would allow the attacker to perform just about any task he chose on the machine. Symantec warned that the new flaw could be combined with any number of remote vulnerabilities to allow remote attackers to gain root access, as well.

RedHat Inc. and the Debian Project, both have released advisories warning customers of the issue and providing information on fixes. A slew of products from other vendors, including, MandrakeSoft S.A., SuSE Linux AG and Caldera International Inc., also are vulnerable.

According to Symantecs analysis, the exploit that the attacker used to compromise the Debian servers is not publicly available, but is apparently circulating in the cracker underground.

(Editors Note: This story has been updated since its original posting to include new information pertaining to the vulnerability.)





  Reader Comments: Researchers Find Serious Vulnerability in Linux Kernel
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}v㶲sVQfEw^-۲-,-$MRv;y9k~bq -qNlKX( B;;~$r#Ӟ3[ΜGoMzIj|ݻ@B9 (ˑ㍨W)9bP]HwWeNzΠv@\~8 \?QwD%x_@jG @.Rs2 Z93껲9'ԗ7'x2 X-{Dq6)֐Nud?h='@IRb(Ѻ8>QQ_X耄-:;|7*UN83p{f_ʞz5"x<&j;^7;z~;L 18`Tˑ黖~OcM-GVekV6^@^c\ȁ{74FT՝ L4H UHIp'z:tQ?D9z u r<r@J53g螩[{mɧ9\H u1 5406Z-$5QELx}Dr,_dL~>w!}O}nrhI"A[fT}O%ތE_σut3|>#s>uN< EC#mxZ.S3ЍIXn`vt#I4oqp{4ڭ-%_bD}x3V=H:}mP`9$'ʦMf@B9;ǻޚ~(wzt( u,/G`\@Z8`$8ʼ }¢81OpMrA}1g`sDo뷺iChnPBԆ.q<ɜ+) X@H#"D% T h4AEENmbo$w$]I+TbD8JnOu$9gJ_JEs㙰TL٣XB YX/_23CCɴaX9{DMfT`B[ᛥDKak`FX,M& 4LXc== 3ܴF K0wrHCb;Nt3Asp=73s Xܣ`6Ê0ӊYsξS s>xF'S6)93mX0NMcJ"+H5L6ȃiА4XԹæZ&rǸ!6ql9`n5ډ<\y͏O@}Q>jWuΙ/ܑ-Ӿ/߄T 9uC \D r}͚X 4ؐ|&B77Cn^ʚtɕU.F(iJ~)dj~#Jw}tK)'SgFFJ V zh'>eg HtXKnuo?HյEI8J{Ұ.Z*쉟ei -a-׾0^Ԣ(-Q|u$"!tùbXGJBb&^fdhQSKpSw{؈=50_ܰ큡K*+jS)Kb4EsXjgܰ&P `*7`b\0O`N#y9!==r=6; 8{y4%2N?1ҧ[BSjb35-F  o _ǂK ޽ȁUrqX3alia;i- ySIq6O.[- V=9Je!6c{iݯ#Ow])=B~,%1`k@Lf2,rƎe9wلAٌ$ Ei.<89Ro> < ıLBYaT88l]x}G 2qɝa&1?@R)Ö13ghi'ǙXT'łЀah"N?CU^f-"JPVbjxSC+jrPT+ oV Ls1ǔ)R3K )N翼;u_3c`Jm@)[?`3\x ȕ2,*`ز|˘ iXSJ$z0vZman5;3Lᗬ۩+=ibGH􍹏58`w4 Ř)3%Jt( ֹB\U4Ue Xݘ `1}j$a#C`JEWFڬv=3Ȩk 03-tq]U*jAe/y+^> (# `! Kx{ZCA;fSx]tV}P@K&nΚ6s787;'|1A-r<9yn2$8z0JL;O%95$_ۂ3B{o鸙 k^螫VJ lXDOb >A: l?`gS{_`p1\AnC>ԍ+l*r/|m*Ln1}c%[Rx` fΌzlhRXS(.>H&#UX)TԒP?ITqA#ֈEB%3\-ܛ`@O|C]k2I$̸yF0ŗ!%K'O@lXC=B3tMnIoΚk21aI3I)`{IO4c3F*}$7UksVB 'I#g?amy:Je2qy27(۞kML7 xG ?wś>adJP*5]*; 19AqC` H\Q"Y rrjT rF2R@BZB$d1~O}i}3>#8}_EANQAZrԸGZ`~ǭI4?p-:%5ށ6 `i8~{@]qׇ́Ľih?HYFp0Z^ <!n8{ֽGY%%s5ADHͳ}䄬W!yZFSLuk3d4)(gjmXc?$p ^Cښҽ1K7xEp[(khLVbsZ;t0?x>kz? i^;g Í7F jE%p>#N M5W"vØ O|B[~qBOP6Ɠ4ɨ ݒ:p<5 :)!OO|Nhk'I^VR6T$4%!44QLNbC]F+C7g һhoNpVHpo6_xvIa%h dgKe 3 KqkP Q,+ ` ;|E?SJ[L>XkI-jշΫ؉Gs`#^Y=l}DK{,i8;?PzsgOɵ2sXs\ Z}l+ҿDžܳbpt.&.9Iߺ$SP+=Ƃz :t{Do7ۨ;.|ʜ(=~![5'zxyu?qFΛڭݷF]foݷ~vcW}턟yP1鐧vlLgI"ɫ׺w7}\8%'+w|62q/nV (f~X;pOҠcm}d<ݸg[f1vfwo}|]& {~ ]ݣPIݣ뻻~=Ғ(r]&ZD܎pw5Q {qI9.c \>bFԧ3ӆer.#}z4UGoC :>9vOXR7m̂♉eىY[vXiB[pZ)֞EWeO\920f`T/35FkNgFV|g<0ym⊪msI2m"Z0[J $ H8Nm5[ p#.1$n=t_a2ڼˍnJ%JMY%i,>`zK&zg ,y$֔b‰S@'M-u$if'%4hlK^5h`KX{lYt%]<-KLh뺽bJ[ƃU⏊%)T^?]IzZtٱ f_嚪h/ !3 W5[#}olZsK,ױX)O/rc$9q7777�÷RT;|c~[\Į0>֟R}Hm ,qaxGX$wDO(ZnI#^ڐD` ; c GgFk X%^XC56gcOԐג?up xOIU@%ڙ[#;0\ 5?L}`{">i_ɠ?aucrCee?!P"_^3\J&{mŽPc ⢫KΡTtHkTbБƪγ>1$MEq' 2d߬ԗbf\g-g2B@% (y2!טq3x=c KBqF!6{MشFϬɪ"m&TV"^!",ʫߍn}kky@[񣵥Ĵ~2`lJi`i4qh<⥯텋AjKh+I伇ɯͭ,|S牣i ^}&;x! c]^d==G۹T } ss(IL MJ$@sܗ?${ҏ xeAGu%kjaƎPs֩ pfྮEmX^do[ĩh%$Gn}K(+$AcW֧運2Bu\ݲK^Hj/%ʏAFԑ{[hp9Z0T^fd{ mXoY4Dk3${A-[o6௶aulau%^/y*췱gyΜ[pmV)˾jhk>˳qll`l^Jif-eĚSa+I錃qlr/] 3&e?G<:^ۏo noR.qHXm;QR] m(я TeQOb#' NsJ(aZ 'Ʈ$Jjadw/}$ƽ2tyϹcL8quEMm&^} ka='bl\M>'p.dˋ8AE!Fp9}AKfRlǛRa}N"F dѴëB.]cbj\}K ZkKXYw)]dDo=75ꮐ֘1Jh*B UٜAKuU*Z!ѤFZj>At3#lzZC JOk&`a6v̈́7}|W@O[jkwhDPUԴU{k7Ɣ'E[TvXj; ˴՝KidqAR?d_j~fR.gI*A4`1MĀnn洯*ewZ.Wiy=Fe_8ZՔV-`{dEʮ@n > Փ>-,^kuζy1@K%XS=ouO#T'TXC,|~Z:<~Q-mER!&҃xo(se\z1߾ZכkQMS<* ^Rc"W6&K<=@ C/0ڱ]w&-Rݽ,%&hPjߚc=/V7Wka\0,9+ߙt/0̊ۼ%U$d[htowAQg)q8 @ɩn붩&(Rq6~mX+sYl J W..rBǛh%=Q4ӸiL(Z_0C@E_+AJLB(fYiv' o.GX# v.p+PUݷod}exxYJ"LrKŲY5cv>+ ާ%wA>po2|SPʕ=U+%=rhp &̋XH t<.$Ȑ[8[A=~{DLRO= n1N8ǃ"Ba,c+pD['鍀Ii+62sjDlo; 句kXT8C}F[׽Vߺ졇U C #LGXT=ݛV_βC(4xafԘ@= CO 2ߝy»Oc<q Dt(.( oIYPXPϏg#z)%D7UI8Fͭ03L\Yej xpX<>swe~rt6#< 23 kR.ɖàzEQp#ߛꞿSg0Y/غ9P^|>i..\`&hT/晾DQ);OFYi1;eNq(gͅfU/Y2U94$J>M;KGQ=@)Qe3 \VCĨҋS901c<>lzZ6ZA/N|veI#guԢF h7xY:X)` /\js@1@C|k{5Bx_m;e@/P~ (By79hp(?'@ |?d ʯ֗sq>(}Q35>2?Cg,~/dv2t2Ӂw2dg(?2O4Pw2a|3Arߧ}}ʠ5_g^g55u%:Iʘ!g \8=Rfr ~)A_d_y*%IFy 3YY ~veX^dй\52Я!ew2~62Ai_u aqʍz^Syښ馵pۭ]n@KG{1*,xWbOW4<< X1rnmVDVOq&R2#s"qǾJ#sbžȾ>sE}b>3vͣ,I%;H_ L2~08i0t@ۓ{W.v8)s r%>| SG0U75i~o[~|^EM++ f{DDã*R%}a`R++PPफ़h[iRo#-ϡ'!pA>fJC#D`5~L@NL|E{_ԃmBfp0,{|ygu~o2P e S7 J,5v;ЋD@.s/7q) ?`-kD2yhpz:)m:@by0\9KhnAA?[h -xqfڔSF  Lwztm4B΄[4п}bs%(uL1S(X E!f Nؒ1bQSRۨWYɑtt[;$}F(r1>t (luy9"4s . " n#QULZDAۀYN zv!{=]M̸ğcx*8" "H "s{D|%ЄZsJdB2L'KFΗcӄ2t~, {+2‡_j /EݩcEi_cͅxsp */!نIf[W ^{#FT Ot(̮ch~jA߮ed#ə W B8 YT8n'rLo帘c{[/AI)H[aʹD6vVAgL=SY,> V_dvO~5B+O-sD?>K:[31U1ւ_6/gз/;MzKV9((& ]a6ьU%8yHRmDGK=$sDs݅ ߠ(b/<% *`>.X&">6v>L#/A>X의n%rs4cbVHd=)O?5/G[nI\k<>aipO1Su Ыv.|x@loM;,:P1$+nvGD '7>6'كl2p~M!(_Gْk0us^nT "+1<&`ߟ2"L) Ԣ?3g(\*],1Ał?vL#qB9jNE 8"U]ۼ66sP/>yKW=Q'na|ht% ^FH‡%!Ҷ\)Vb%pCV{f:ePEXl+NEk,^zXٻ`(>n)ZF,c ԭ<P0_C~C.v^e܌1uF:¶u4-ѩoTF5={ks`CΜtU  ᘭ=d_qxN|L/Xw4ͱWRɤ{e epCikZK 0Dq] XâȖWqTR:!; /k+0X1'(NR{Qf7}`N*)Asa#W"- sexDh\"?@xkxlw:k+Ȁ7H>Y[D,5Rb:(G=zk|FXK\Mhc{pfif(Rc93a=`>.<jgWP Y-f1%Dv88)ҡCAȚBTfƲ 7cP.X-'B@w:S .x CG,$?ˋ}P byx ŧ$NS?G'W.rƕy_Sq|>k-]7,{ޗN}RI>QoXix ~']f(FRqO\|j8(>u/coh /=l}pٽ:?Š=EKB^ D>Vy|>Cols g|oUAtQ]Z%Nbj| d,3r&5X-lt; o]F'ah|NVKI+^ͦG(Gs+&|idLp -ͱeRZ`l/Z6v?>)