posted by Jordan Spencer Cunningham on Fri 14th Aug 2009 02:29 UTC
It's the end of the world. Again. According to some Linux developers and security researchers, a bug in the Linux kernel has just been uncovered that makes just about every distribution utilizing kernel 2.4 and 2.6 on just about all architectures since May of 2001 vulnerable to a certain kind of attack.

I'm not any sort of developer, so basically all of this makes no sense to me except that whatever comprises the aforementioned bug allows an attacker to escalate local privileges and completely compromise the entire system. Julien Tinnes, a security researcher who does know his way around kernel code, wrote the following details about the bug.

At first sight, the code in af_ipx.c looks correct and seems to initialize .sendpage properly. However, due to a bug in the SOCKOPS_WRAP macro, sock_sendpage will not be initialized. This code is very fragile and there are many other protocols where proto_ops are not correctly initialized at all (vulnerable even without the bug in SOCKOPS_WRAP)... Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.
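The defect Tinnes describes is a dispatch table whose members are assumed to be filled in but are not, so a call through the table lands on address 0. The following user-space model is an added example and is not kernel code or code from the article: the struct, protocol tables, and function names (`proto_ops`, `sock_sendpage_unchecked`, `sock_sendpage_checked`, `count_missing`) are constructed here to show the bug class beside the fix pattern, which is to treat a NULL member as "operation not supported" and route it to a harmless stub rather than calling through it. The -95 value mirrors the kernel's EOPNOTSUPP errno on Linux and is assumed here as a model constant.

```c
#include <stddef.h>
#include <stdio.h>

/* Modelled after a kernel proto_ops table: every protocol is expected to
 * fill in each function pointer, but nothing forces it to (constructed). */
struct proto_ops {
    const char *name;
    int (*sendmsg)(const char *buf, size_t len);
    int (*sendpage)(const char *buf, size_t len);   /* the member left unset in the bug */
};

static int generic_sendmsg(const char *buf, size_t len)  { (void)buf; return (int)len; }
static int generic_sendpage(const char *buf, size_t len) { (void)buf; return (int)len; }

/* Safe default for an unsupported operation; -95 models Linux's EOPNOTSUPP (assumed). */
#define EOPNOTSUPP_MODEL 95
static int no_sendpage(const char *buf, size_t len) { (void)buf; (void)len; return -EOPNOTSUPP_MODEL; }

/* Two constructed protocol tables: one complete, one whose .sendpage was
 * never initialized, as the article says happens for several protocols. */
static const struct proto_ops complete_ops = { "complete", generic_sendmsg, generic_sendpage };
static const struct proto_ops partial_ops  = { "partial",  generic_sendmsg, NULL };

/* Bug class: trust the table and call through the pointer unconditionally.
 * With partial_ops this is a jump to address 0. */
static int sock_sendpage_unchecked(const struct proto_ops *ops, const char *buf, size_t len) {
    return ops->sendpage(buf, len);
}

/* Fix pattern: a missing member means "unsupported", so fall back to the stub
 * instead of dereferencing NULL. */
static int sock_sendpage_checked(const struct proto_ops *ops, const char *buf, size_t len) {
    if (ops->sendpage == NULL)
        return no_sendpage(buf, len);
    return ops->sendpage(buf, len);
}

/* Audit helper: count table members still NULL, the check the macro bug defeated. */
static int count_missing(const struct proto_ops *ops) {
    int missing = 0;
    if (ops->sendmsg == NULL)  missing++;
    if (ops->sendpage == NULL) missing++;
    return missing;
}

int main(void) {
    const struct proto_ops *tables[] = { &complete_ops, &partial_ops };
    for (size_t i = 0; i < sizeof tables / sizeof tables[0]; i++) {
        printf("%-9s missing=%d  checked sendpage -> %d\n",
               tables[i]->name, count_missing(tables[i]),
               sock_sendpage_checked(tables[i], "abc", 3));
    }
    /* Only safe on a complete table; calling it on partial_ops would crash. */
    printf("unchecked on complete table -> %d\n", sock_sendpage_unchecked(&complete_ops, "abc", 3));
    return 0;
}
```

The checked dispatcher returns -95 for the partial table instead of crashing, and `count_missing` is the kind of audit a reviewer would run over each protocol's table at registration time. The attacker step in the quote, placing code in the first page, is what the `vm.mmap_min_addr` sysctl (present in 2.6 kernels of that era) is meant to deny by refusing user mappings at low addresses; a kernel-side NULL check in the dispatcher removes the root cause regardless of that setting.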

Rodney Taylor, from security research at Secorix, said that the bug "passes my it's-not-crying-wolf test so far," and that he'd definitely check his enterprise Linux systems (providing he had any), see if it was related, and see if he needed to get a patch.

Lucky for us, there already is a patch, and it should be included in all future kernels from here on out.

Makes me happy to be alive.
