Linux Security Hole Goes Back Eight Years

Here’s another deep chink in the armor of the braindead zealots who claim Linux is inherently more secure than Windows. Julien Tinnes and Tavis Ormandy have found what could be the widest ranging vulnerability yet discovered in the Linux kernel.

Affected versions include all Linux 2.4 and2.6 versions since May 2001. This spans 2.4.4 up to and including 2.4.37.4 in the 2.4 kernel and every iteration of 2.6 from 2.6.0 up to and including 2.6.30.4.

What is this vulnerability all about? Functions in certain kernel routines are left uninitialized, so pointers aren’t validated before dereferencing. This allows local execution of code (sample POC available in both articles linked above) which compromises the machine. Compromise? Yes, pwnt.

These are known affected modules according to Redhat’s bugzilla:
ipx.ko
irda.ko
x25.ko
ax25.ko
bluetooth.ko
sctp.ko
pppoe.ko
pppox.ko
appletalk.ko

That thread offers mitigation possibilities (and some commenters — see #32 and #48 — explain why those steps won’t work). According to post #27 in that thread, the exploit is already being used (as of about a week ago as I write this) to attack machines: “They entered the system through a web application exploit and then used the exploit to gain a root shell.”

This gets to the bigger problems of security. If you think of Linux as only the kernel or even the kernel plus the utilities that make it a functioning operating system, you’re seeing only one layer of vulnerability. Add another layer of complexity with various software and you’re adding more complexity and, accordingly exponentially more layers of vulnerability. If someone can get in through one door, he can often find “keys” to open other doors. That in a nutshell is what happens in cases like #27 in the Redhat bugzilla thread.

Fedora, Debian, and Ubuntu have reportedly already patched for this kernel issue. UPDATE: So has Slackware for -current and 12.2; patches are available for other releases with both 2.4 and 2.6 kernels.

Advertisements

One Response to “Linux Security Hole Goes Back Eight Years”

  1. Linux Security Hole Goes Back Eight Years « lucky13 | Linux Affinity Says:

    […] original here: Linux Security Hole Goes Back Eight Years « lucky13 Posted in: […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: