Bug in latest Linux gives untrusted users root access
Links: home · search · speed test · login · more ·
 
Links: Reply New Topic
Forums » Security » Security » Bug in latest Linux gives untrusted users root access

matunga @ 4th Nov 08:14AM:
Bug in latest Linux gives untrusted users root access

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system. :o

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable.
»www.theregister.co.uk/2009/11/03···ability/
reply
Drunkula @ 4th Nov 08:27AM:
Re: Bug in latest Linux gives untrusted users root access

Well to Matunga's credit, at least he pointed out there is a fix this time.
reply
KodiacZiller @ 4th Nov 08:47AM:
Re: Bug in latest Linux gives untrusted users root access

Old news. There have been a couple of these NULL dereference bugs making noise on the Linux mailing lists for a while now. Since it has already been fixed by everyone, I fail to see why this is even news?

And the discoverer, Brad Spengler, while one of the best there is, also seems to have a major axe to grind with Linus. Perhaps it is because most of the kernel guys prefer SELinux over his GRsecurity?
reply
Link Logger @ 4th Nov 08:55AM:
Re: Bug in latest Linux gives untrusted users root access

said by KodiacZiller :

Old news. There have been a couple of these NULL dereference bugs making noise on the Linux mailing lists for a while now. Since it has already been fixed by everyone, I fail to see why this is even news?
Fixed by everyone, what does that mean? I mean while all the vendors might have it patched/fixed, it by no means indicates that all the users have updated etc. Often warnings aren't directed to the vendors themselves (they likely already know), but to their users so they know they need to update and even then they might not, but at least they have been told and their non-action is their choice (however sometimes they don't get to choose the consequences).

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool
reply
upb @ 4th Nov 09:06AM:
Re: Bug in latest Linux gives untrusted users root access

The workaround was published last August in the Slackware Security mailing list, but it applies to almost any distro. You simply make sure that you have a file named "/etc/sysctl.conf" which contains at least the following:


I've tested the exploit out against machines configured in that way, and the exploit has always failed.

reply
anon @ 4th Nov 09:41AM:
msg deleted

deleted by a moderator
reply
SUMware @ 4th Nov 09:48AM:
Re: Bug in latest Linux gives untrusted users root access

»www.theregister.co.uk/2009/11/03···ability/
quote:
The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. But to make RHEL compatible with a larger body of applications, that distribution is vulnerable to attack even when the OS shows the feature is enabled, Spengler said.

A Red Hat spokeswoman said patches for the versions 4 and 5 of RHEL and MRG are available here. An update for RHEL 3 is in testing and should be released soon.

reply
Cabal @ 4th Nov 09:49AM:
Re: Bug in latest Linux gives untrusted users root access

I don't have untrusted users.
reply
KodiacZiller @ 4th Nov 03:26PM:
Re: Bug in latest Linux gives untrusted users root access

said by Link Logger :

said by KodiacZiller :

Old news. There have been a couple of these NULL dereference bugs making noise on the Linux mailing lists for a while now. Since it has already been fixed by everyone, I fail to see why this is even news?
Fixed by everyone, what does that mean? I mean while all the vendors might have it patched/fixed, it by no means indicates that all the users have updated etc. Often warnings aren't directed to the vendors themselves (they likely already know), but to their users so they know they need to update and even then they might not, but at least they have been told and their non-action is their choice (however sometimes they don't get to choose the consequences).

Blake
When I said "everyone" I meant all of the major distributions have already implemented work arounds (by adjusting the mmap_min_addr value in /proc). The only major distro not to fix it this way is Fedora (which is interesting since Fedora is usually one of the most security oriented distros).

As for alerting users, most users shouldn't have to worry about it, or if they do, the updates will be pushed automatically by most distros anyway.
reply
Link Logger @ 4th Nov 04:01PM:
Re: Bug in latest Linux gives untrusted users root access

said by KodiacZiller :

As for alerting users, most users shouldn't have to worry about it, or if they do, the updates will be pushed automatically by most distros anyway.
Oh those evil automatic updates, funny how many people don't trust those. I believe in them, use them, but some people don't.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC