Serious Linux Security Holes Uncovered and Patched

Two new virtual memory security problems were found in the Linux kernel on Wednesday and were promptly fixed.

Several security vulnerabilities in the Linux kernel were uncovered on Wednesday by a Polish security group. The problems were verified by Linux kernel developers and then fixed with a set of updates.

The Polish security non-profit organization iSEC Security Research on Wednesday released an advisory describing two "critical security vulnerabilities" in Linux 2.4 and 2.6s "kernel-memory-management code inside the "mremap(2)" system call.

The first of the problems, called "Linux kernel do_mremap VMA limit local privilege escalation vulnerability" by iSEC, could have enabled a cracker to achieve full super-user privileges.

With the super-user authority, equivalent to Windows administrator mode, a malicious user could destroy other users directories, plant rogue programs or trash the entire system.

The second vulnerability, dubbed the "Linux kernel do_mremap() local privilege escalation vulnerability," could have with "proper exploitation of this vulnerability … lead to local privilege escalation including execution of arbitrary code with kernel-level access," the iSEC advisory explained.

In short, an entire system could be disabled or hijacked.

However, both vulnerabilities could only be attacked by local users with Unix shell access and comprehensive knowledge of how to exploit these vulnerabilities in Linuxs virtual memory manager, observed Martin Schulze, Debian Linuxs security expert and a director for Software in the Public Interest Inc., in a statement.

Although both the security holes were found in Linuxs virtual memory kernel subsystem, they are not related problems, according to iSEC.

Both security problem were fixed on Wednesday in the latest versions of the kernel: Linux 2.4.25 and 2.6.3.

Linus Torvalds, in the linux.kernel mailing list, said that the issues were "fixed in [versions] 2.6.3 and 2.4.25 (and, I think, vendor kernels). Please upgrade if you allow local shell access to entrusted users."

Indeed, Linux distributors, such as the Debian Project, Novell Inc./SuSE Linux and Red Hat Inc., released patches on Wednesday. The Red Hat update, for example, addresses the vulnerability uncovered by iSEC as well as several other issues listed by the Common Vulnerabilities and Exposures project.

iSEC Security Research was involved in another recent discovery of Linux vulnerabilities. In January, the group disclosed several holes in the Linux 2.4 series kernel and developed exploit code for the vulnerability.

/zimages/6/28571.gifCheck out eWEEK.coms Linux & Open Source Center at for the latest open-source news, reviews and analysis.

Be sure to add our Linux feed to your RSS newsreader: