8-year-old kernel security hole found

[Foster Grant]

http://www.theregister.co.uk/2009/08...cal_linux_bug/

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine. . . .

"This passes my it's-not-crying-wolf test so far," said Rodney Thayer, CTO of security research firm Secorix. "If I had some kind of enterprise-class Linux system like a Red Hat Enterprise Linux...I would really go check and see if this looked like it related, and if my vendor was on top of it and did I need to get a kernel patch."

Gotta figure new kernel updates coming into the repos, maybe as soon as tonight ...

[Methuselah]

Good.
Open source doesn't have the benefit of 'security through obscurity'.
Since the code is open for public scrutiny best practices must be followed and it makes for better software overall.

[gletob]

http://www.theregister.co.uk/2009/08...cal_linux_bug/


Gotta figure new kernel updates coming into the repos, maybe as soon as tonight ...

Great. This is not good for my server uptime. But security fixes are good.

[MaxIBoy]

If you've read slashdot recently, you'll know that kernels going all the way back to 2.4.x have had a security vulnerability which was recently discovered. This includes most architectures (i.e. if you use a PPC or something, don't assume you're safe!)

This vulnerability is trivial to exploit. A malicious program can easily use it to gain kernel-level permissions.

This issue has been fixed. If you are capable of doing so, I recommend downloading a git snapshot kernel and compiling it.

If you are unable to compile a kernel, be a bit more cautious for the next few days. As far as I know this can only be exploited through compiled programs, so you don't have to worry about malicious javascript in web-pages or anything like that. Also the repositories are still safe, I think you'll be fine if you don't install anything outside the repos. This patch will probably get applied to old kernels soon and you'll be seeing it as an update.

[hellmet]

Thanks for letting us know.

[samjh]

Good thing they've found the error. Bad thing is this will give Linux's opponents ammunition about how using amateurs programmers and volunteers result in poor security, and how FOSS's community development model is not secure.

[Eisenwinter]

Good thing they've found the error. Bad thing is this will give Linux's opponents ammunition about how using amateurs programmers and volunteers result in poor security, and how FOSS's community development model is not secure.

Because of one exploit that's been discovered? Microsoft has hired programmers to develop its products, yet many exploits are continously being discovered for them, even though the source is closed.

[Bachstelze]

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine. . . .

Someone should have paid more attention in C classes. That's really basic stuff: never leave a pointer uninitialized...

[Bachstelze]

Good thing they've found the error. Bad thing is this will give Linux's opponents ammunition about how using amateurs programmers and volunteers result in poor security, and how FOSS's community development model is not secure.

"Amateur" and "volunteers" don't necessarily mean "incompetent". Some of the most highly regarded security experts are free software developers.

[rookcifer]

From The Register:

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

More at the source linked above..

Be on the lookout in coming days for the patch to hit the repos.