Linked by Jordan Spencer Cunningham on Fri 14th Aug 2009 02:29 UTC
Thread beginning with comment 378457
To read all comments associated with this story, please click here.
RE: Recent Kernels have protections (RHEL 5.2+).
by PlatformAgnostic on Fri 14th Aug 2009 05:48
in reply to "Recent Kernels have protections (RHEL 5.2+)."
RE[2]: Recent Kernels have protections (RHEL 5.2+).
by sakeniwefu on Fri 14th Aug 2009 12:19
in reply to "RE: Recent Kernels have protections (RHEL 5.2+)."
No, he isn't.
SELinux does disable that for its own secret reasons.
Anyways what strikes me is that nobody noticed before. Trying to allocate the 0th page sounds like something that would happen often (in buggy code) and that would sound many alarms if successful. Especially as we know it would fail on some systems.
All the exploit is a bit unbelievable but that particular point is amazing.






More recent kernels have a protection against this exploit, if they contain the mmap_min_addr feature and it is set correctly.
You can check your kernel via this:
# cat /proc/sys/vm/mmap_min_addr
65536
While we have not gotten any official word from Red Hat, I did some spot checking and it looks like RHEL 4.8, RHEL 5.2, and RHEL 5.3 have this parameter set correctly.
But, beware, any use of SELinux will bypass the protections given by this kernel feature.
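
The check described in the comment above, as an added example that is not part of the original post: a small audit script that classifies the running value of mmap_min_addr and looks for a persisted setting. The function names are hypothetical, the 65536 threshold is taken from the output shown in the comment as an assumption about what "set correctly" means, and /etc/sysctl.conf is assumed to be where the setting is persisted.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr at runtime and in a sysctl config file.

# classify_mmap_min_addr FILE [WANT]
# Prints one of: missing, invalid, disabled, low, ok.
# WANT defaults to 65536, the value shown in the comment (an assumption).
classify_mmap_min_addr() {
    file=$1
    want=${2:-65536}
    if [ ! -r "$file" ]; then
        echo missing      # kernel without the feature, or path unreadable
        return 0
    fi
    val=$(tr -d ' \t\n' < "$file")
    case $val in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ "$val" -eq 0 ]; then
        echo disabled     # no restriction on low-address mappings
    elif [ "$val" -lt "$want" ]; then
        echo low          # set, but below the expected floor
    else
        echo ok
    fi
}

# persisted_mmap_min_addr CONF
# Prints the last vm.mmap_min_addr value in a sysctl.conf-style file,
# or "unset" if the file is unreadable or has no such line.
persisted_mmap_min_addr() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -n 's/^[[:space:]]*vm\.mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$conf" | tail -n 1)
    echo "${val:-unset}"
}

# Report both views so drift between the running kernel and the
# configuration applied at boot is visible.
audit() {
    echo "runtime:   $(classify_mmap_min_addr /proc/sys/vm/mmap_min_addr)"
    echo "persisted: $(persisted_mmap_min_addr /etc/sysctl.conf)"
}

audit
```

A runtime result of "ok" with a persisted result of "unset" means the value comes from the kernel default rather than from the configuration file.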