Slashdot Mirror


Local Root Hole in Linux Kernels

xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."

32 of 495 comments

  1. A bug!?!?11 by Anonymous Coward · · Score: 0, Funny

    ... must be Microsoft's fault since it's posted on /.

    1. Re:A bug!?!?11 by t0ny · · Score: 2, Funny

      NOW linux is ready for the desktop

      --

      Manipulate the moderator system! Mod someone as "overrated" today.

  2. How is Microsoft responsible? by jmulvey · · Score: 5, Funny

    With all the brainpower on /. I'm sure we can discover a way.

    1. Re:How is Microsoft responsible? by lavalyn · · Score: 5, Funny

      Microsoft would have a monopoly on privilege escalation exploits if not for Linux.

      --
      Doing the Right Thing should not be preempted by making a buck.
    2. Re:How is Microsoft responsible? by kfg · · Score: 5, Funny

      I think the late George Mallory put it rather succinctly:

      "Because they're there."

      On the other hand, in the words of Voltaire:

      "If Microsoft didn't exist it would be necessary to invent them."

      However, regarding the current kernel situation I think my deeply missed old granny put it best:

      "Oh fuck."

      KFG

    3. Re:How is Microsoft responsible? by kasperd · · Score: 4, Funny

      Microsoft would have a monopoly on privilege escalation exploits

      No, Microsoft has a bulletproof way to prevent privilege escalations. They simply make sure the attacker gets all privileges at once, then there is nothing to escalate.

      --

      Do you care about the security of your wireless mouse?
  3. Got Root? by FAngel · · Score: 5, Funny

    Got Root?

    1. Re:Got Root? by Anonymous Cow herd · · Score: 5, Funny

      I do now >:)

      --
      Ita erat quando hic adveni.
    2. Re:Got Root? by cyb97 · · Score: 3, Funny

      Just give me a minute ;-)

    3. Re:Got Root? by wirelessbuzzers · · Score: 5, Funny

      I do now >:)

      I believe you mean "#:)"

      --
      I hereby place the above post in the public domain.
  4. It's Tuesday by Anonymous Coward · · Score: 5, Funny

    Journal Entries:

    (looks at watch) it's Monday again... time to go patch my IIS

    (looks at watch) it's Tuesday again... time to go patch Linux.

    1. Re:It's Tuesday by charon_on_acheron · · Score: 3, Funny

      Four day week, huh? Must be nice. :^P

  5. This has to be erroneus. by Anonymous Coward · · Score: 0, Funny

    After all, Linux is perfect, right? Linux has NO vulnerabilities. It's that OS from Bill that is buggy, right?

    1. Re:This has to be erroneus. by zebs · · Score: 2, Funny

      After all, Linux is perfect, right? Linux has NO vulnerabilities. It's that OS from Bill that is buggy, right?

      It's bugs from code Billy-boy wrote under a pseudonym

    2. Re:This has to be erroneus. by rusty spoon · · Score: 2, Funny

      Yeah, that William H. Torvalds III has done a lot of damage with his weaselly little kernel hacks, dammit.

  6. Love the headline by L. VeGas · · Score: 3, Funny

    Lo-Cal Root Hole in Linux Kernels

    I think I saw this in an advertisement for granola.

    mmmm... breakfasty

  7. Hole Found in Linux Server by ch-chuck · · Score: 5, Funny

    (Server Room, DP) A hole was found in 'cypress', one of the principal Linux file, email and web servers of Brapco Corp early today. "We were dusting out around the back", said Mike Koyro, IT manager of Brapco, "and there it was, right by the power supply." The hole was quickly verified by other members of the IT dept as "really there". Speculation that it may be a screw hole was quickly dispelled when Frank, chief scripting officer, pointed out it didn't have any threads, and no screws were found loose anywhere nearby. "If someone got in here and drilled it during the night, they sure did a clean job - there's no shavings on the floor and the hole has no burrs" observed Mike. "It was either a professional job, with a sharp bit and machining oil, or a manufacturing defect". Calls to Linux Security were unanswered as of press time.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  8. IT'S IN ENGLISH!!! by strredwolf · · Score: 4, Funny

    Hallelujah and pass the green beer. It's not in Welsh.

    BTW: If you haven't read, or tried to read, Alan's blog you won't get the joke.

    --
    # Canmephians for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.net";
    1. Re:IT'S IN ENGLISH!!! by cyb97 · · Score: 2, Funny

      Like the Welsh don't use any excuse to get drunk?
      Come on, grow up! Anybody that knows about St. Paddy uses it as an excuse to get smashed on a Monday!

  9. Hrm by B3ryllium · · Score: 3, Funny

    I guess they were just trying to out-do the IIS hole.

    Ah well ... there's always "linux single" ... :)

  10. Re:Huh by ageOfWWIV · · Score: 4, Funny

    We're not patching, we're in denial.

    --

    ____
    ATS11=0 the secret to beating everyone else to a 1 line board.
  11. Re:This has to be erroneus.(aehm erroneous) by Anonymous Coward · · Score: 1, Funny

    English is my second language, but I'm pretty sure
    it should be erroneous.
    Or was that on purpose? That'd be funny.

  12. Huh? by Anonymous Coward · · Score: 0, Funny

    Linux has security problems? I've been reading this site for so long, I thought that was only in Microsoft's domain.

    1. Re:Huh? by vsprintf · · Score: 2, Funny

      Linux has security problems? I've been reading this site for so long, I thought that was only in Microsoft's domain.

      We do want to make Windows users feel at home as they migrate to a Linux desktop. We don't expect 'em to go cold turkey right away.

  13. Re:Kernel Patches by kfg · · Score: 2, Funny

    Who's a sysadmin to trust?

    Ummmmm, Ghostbusters?

    KFG

  14. Re:Known exploits? by Soko · · Score: 2, Funny

    The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
    local users to obtain full privileges. Remote exploitation of this hole is
    not possible. Linux 2.5 is not believed to be vulnerable.


    It isn't a remote exploit. Anyone who is foolish enough to attempt to h4X0r your b0X0rz with this vulnerability is within the normal attack range of a LART.

    Please, do patch any affected machines you have as soon as possible, but don't *ahem* panic.

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  15. In the meantime... by TheSHAD0W · · Score: 4, Funny

    Until the patch has been tested and distributed, you can prevent the bug from being exploited by locking the door to your office.

  16. Huh? by FireballFreddy · · Score: 2, Funny

    St. Patrick's Day, a perfectly valid and socially acceptable excuse to get rip-roaring pissed, and you say it's *only* for the Irish? I'm sorry, please hand in your geek membership card. You aren't allowed to post here anymore.

    --
    SQUEAK, the Death of Rats explained.
  17. Tux is Welsh!!! by schon · · Score: 4, Funny

    I know "Cymru" means "Welsh" but that's about it.

    Tux, the beloved Linux mascot is Welsh!

    It's true! Tux is a penguin..

    Penguin is derived from two Welsh words: Pen (head) and Gwynn (white)...

    So (besides Alan) there is another link between Wales and Linux.

    (That, and I've tripled your knowledge of the Welsh language :o)

    1. Re:Tux is Welsh!!! by Large Green Mallard · · Score: 2, Funny

      So Alan's significant other Telsa Gwynne is half penguin?

      Kinky :)

  18. Re:I'm not going to patch. by gosand · · Score: 3, Funny

    Have you considered the possibility of someone exploiting a non-root remote hole on your box and now having the ability to escalate themselves to root?

    Well, I, ahhh....

    Shut up!

    Would someone please mod my previous post down as "fingers faster than brain"?
    Thank you.

    --

    My beliefs do not require that you agree with them.

  19. And the obligatory.. by mivok · · Score: 2, Funny

    OpenBSD isn't vulnerable :P