A series of recently announced security flaws open Linux and related technologies to attacks ranging from denials of service and local exploits to the potential for remote system compromise.
Senior Linux developer Alan Cox announced a set of “race conditions” in the Linux kernel that were fixed in Version 2.6.9. The problems are in the terminal subsystem. Patches are also available for the 2.4x kernel, but not the 2.2 kernel.
Cox reports two problems, the first involving a local program performing specific operations with a particular timing, resulting in crashes and “other undefined behavior,” including the release of small amounts of random kernel data. The second attack involves dial-up users connecting over PPP (point-to-point protocol) ports and performing a console switch at precisely the right time, causing a crash. The second attack can only be reproduced over direct serial lines, not modems, leading Cox to minimize the possibility of a true remote attack.
A separate problem was reported in the iptables program of the 2.6x kernel, specifically an integer underflow. iptables is part of the Linux kernels network security. Along with netfilter it provides packet filtering, network address translation and other security features.
The integer underflow, the exact nature of which has not yet been revealed, is alleged to occur in iptables logging when both IP and TCP options are enabled. According to a SuSE write-up on the problem, the attacker would have to hand-construct an IP packet. The problem is fixed in the 2.6.8 version of the kernel.
In the same advisory SuSE also credits IBM with finding a local root exploit in its own SuSE Linux Enterprise Server 9 on the S/390 platform. This problem results from incorrect handling of a privileged instruction.
Finally, the LibPNG graphics library, popular in most distributions of Linux and many applications, such as Mozilla, is reported to contain several integer overflows. Theoretically these could allow a specially crafted PNG image to cause arbitrary code to be executed, but this has not yet been demonstrated.
LibPNG is the official library for handling Portable Network Graphics (PNG) files. A new library version is available to address the problem, but since LibPNG is linked into many applications, users may need to get updates from application vendors.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis.