Kernel Exploit Cause Of Debian Compromise

← Back to Stories (view on slashdot.org)

Kernel Exploit Cause Of Debian Compromise

Posted by simoniker on Monday December 1, 2003 @09:40AM from the slightly-disturbing dept.

mbanck writes "The cause of the recent Debian Project server compromise has been published by the Debian security team: 'Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space'. This issue has been fixed in 2.4.23. Thus, the Linux kernel compromise was not Debian specific."

35 of 673 comments (clear)

Shows the dangers of C by Anonymous Coward · 2003-12-01 09:42 · Score: 4, Funny

If the kernel was coded in visual basic, this wouldn't be happening.
1. Re:Shows the dangers of C by stefanlasiewski · 2003-12-01 09:54 · Score: 5, Funny
  
  By 'this' do you mean the exploit wouldn't be happening? Or the Kernel?
  
  --
  "Can of worms? The can is open... the worms are everywhere."
2. Re:Shows the dangers of C by Lussarn · 2003-12-01 11:03 · Score: 4, Funny
  
  Why not Brainfuck
  
  If you can't read your own code who else can..
what kind of person... by potpie · 2003-12-01 09:43 · Score: 5, Funny

What kind of person spends that much time trying to find exploits in operating system kernels? Likewise, why do I spend so much time on www.thinkgeek.com/fortune.shtml? We are a sad people.

--
Esoteric reference.
Oh... by Anonymous Coward · 2003-12-01 09:43 · Score: 1, Funny

Fark. This seems to be a local exploit though. Whose the naughty one that did it? We can't have rogue members in our proud Debian society now can we? Come on, take it like a man.
Userland exploits by Hayzeus · 2003-12-01 09:44 · Score: 5, Funny

The evidence mounts: users should be eliminated.

--

Roving Web-Teleoperated Robot
Re:Hurray for the Debian Security Team! by isaac338 · 2003-12-01 09:48 · Score: 2, Funny

It obviously was known previously, as whoever cracked the Debian servers must have known about it.
Bang goes everyone's uptimes... by Anonymous Coward · 2003-12-01 09:49 · Score: 2, Funny

yup... this'll make ms-windows look good on the uptime front for at least a week...
Yup by ENOENT · 2003-12-01 09:49 · Score: 4, Funny

Just like Nancy Reagan said: Users are Losers.

--
That's "Mr. Soulless Automaton" to you, Bub.
Well then they'd better get some help by Hal+The+Computer · 2003-12-01 09:51 · Score: 5, Funny
CLIPPY:
You appear to be trying to write a kernel. Do you want to:
- Automatically make sure the Visula Basic DLL is included in your program?
- Answer some questions and have me generate a nice windows kernel for you?
- Straigten me, and turn me into a very attractive piece of modern art?
--
int main(void){int x=01232;while(malloc(x));return x;}
1. Re:Well then they'd better get some help by Ann+Elk · 2003-12-01 10:14 · Score: 2, Funny
  
  I always thought Clippy needed an option to eject the CDROM...
Re:NEWSFLASH by Aardpig · 2003-12-01 09:56 · Score: 1, Funny

This does not affect OpenBSD. Smart admins can sleep well tonight.

Hell, who cares, OpenBSD is dying. In fact, in Soviet Russia it's already dead...

--
Tubal-Cain smokes the white owl.
There goes my Saturday by mariox19 · 2003-12-01 09:59 · Score: 5, Funny

I had just convinced myself there was no compelling reason to upgrade my kernel from 2.4.22.

Actually, there still isn't, since the likelihood of my machine "coming under attack" is slight. But, what's the point of running Linux if you're not going to get all worked up over things like this ;-)

Happy make menuconfig to all!

--
quiquid id est, timeo puellas et oscula dantes.
Re:A shift of focus by Anonymous Coward · 2003-12-01 10:00 · Score: 5, Funny

It's fun to see how security research shifted from applications to kernels lately.

Fun!? You must be Klingon.
Re:Hmm, Methinks I've Heard this theme before by RetroGeek · 2003-12-01 10:08 · Score: 5, Funny

Several million others that I missed, which courteous slashdotters will point out.

I'm sorry Dave, I can't do that...

--

- - - - - - - - - - -
I am a programmer. I am paid to produce syntax not grammar. Deal with it.
Re:How did they get in to run a userspace util? by g1zmo · 2003-12-01 10:13 · Score: 5, Funny

I believe an earlier article said that it appeared that he sniffed a password to the box.

Or perhaps "she" sniffed a password?

I refuse to believe that the really hot, Debian-using, password-sniffing, root-exploiting geek girl is a myth.

--
I have found there are just two ways to go.
It all comes down to livin' fast or dyin' slow. -REK, Jr.
Kicking it up a notch. by _Sprocket_ · 2003-12-01 10:20 · Score: 5, Funny

And they call Windows unsecure. How does crow taste, Slashdot?

Pretty good if you know how to spice it right. The trick is, knowing you've got crow to eat. How's that mystery meat you're chewing on?

(there's a joke about feeding trolls to be made in this somewhere)
Up 107 days... by jehreg · 2003-12-01 10:21 · Score: 5, Funny

kc grub # uptime 17:21:06 up 107 days, 22:45, 1 user, load average: 0.35, 0.82, 0.47
Great..... there goes my uptime.....
If I have to reboot more than once per year, I'm switching to Windows.
1. Re:Up 107 days... by Roadkills-R-Us · 2003-12-01 10:38 · Score: 2, Funny
  
  If I have to reboot more than once per year, I'm switching to Windows.
  
  Yeah, then you only have to reboot once a day!
2. Re:Up 107 days... by prock307 · 2003-12-01 10:59 · Score: 2, Funny
  
  Hmmm.... Although this could start a flame war...
  
  I would have been up for 367 days today if some idiot didn't grab my server's keyboard instead of the M$ W2K box next to it to do a 3-finger-salute.
  
  Needless to say I have disabled that "feature" now.
  
  rock@phantom:~$ uptime
  Unknown HZ value! (2) Assume 100.
  16:47:42 up 256 days, 1:51, 1 user, load average: 0.00, 0.00, 0.00
3. Re:Up 107 days... by silicon+not+in+the+v · 2003-12-01 11:42 · Score: 2, Funny
  
  Whoa! Windows crashed a Linux box just sitting next to it! I think that may be a first.
  
  --
  We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
4. Re:Up 107 days... by Haeleth · 2003-12-01 13:18 · Score: 2, Funny
  
  If I have to reboot more than once per year, I'm switching to Windows.
  
  Why does everyone always make fun of Windows' uptime records? I'm proud of what my GNU/Windows box can achieve. Look...
  haeleth@Cynewulf ~ $ uptime 01:21:28 up 15:37, 1 user, load average: 0.00, 0.00, 0.00
  That's nearly a whole day!
Re:A shift of focus by Frymaster · 2003-12-01 10:25 · Score: 5, Funny

what i want to know is...
does this code belong to sco?

--
2 1337 4 u!
I feel your pain.... by The+Ape+With+No+Name · 2003-12-01 10:28 · Score: 2, Funny

me@spyder:~$ w
17:26:24 up 168 days, 5:52, 5 users, load average: 0.70, 0.78, 1.59

D'oh. Well what to do....

--toby

--
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Re:A shift of focus by SlashDotAgent · 2003-12-01 10:48 · Score: 2, Funny

If only any Linux application could run on any distribution, just according to the kernel, like those exploits...
Re:A shift of focus by Sloppy · 2003-12-01 10:56 · Score: 4, Funny

That's why all the smart admins have been migrating their servers over to the best platform for the job: XBox.

--
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Re:WHAT DID I TELL YOU TWO WEEKS AGO!?!?!? by talks_to_birds · 2003-12-01 11:13 · Score: 1, Funny

Linux is kernel-level exploitable.
Windows is not.
Window$ doesn't have a kernel; a rat's nest, maybe, but certainly not a kernel...
t_t_b

--
I'm on PJ's "enemies" list! Are you?
Re:A shift of focus by Anonymous Coward · 2003-12-01 11:16 · Score: 5, Funny

"Fun!? You must be Klingon."

Today is a good day to get rooted.
Re:Time for better security. by Pflipp · 2003-12-01 11:28 · Score: 3, Funny

bash Theo

Never EVER put these words together. It's like keeping the Bible next to the Koran. You'll never know just when they will auto-ignite!

--
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
Re:Why aren't the using Debian Stable? by Anonymous Coward · 2003-12-01 12:22 · Score: 2, Funny

No, I think Debian is still using kernel 2.0.0. There is going to be a new Debian release "any day now."
Re:The kernel patch... by debrain · 2003-12-01 13:42 · Score: 2, Funny

but nobody realised it was an exploitable security hole until a day or two ago

I'd say someone figured it out at least a week ago. ;)
Patch Created September, System Rooted in November by Anonymous Coward · 2003-12-01 16:16 · Score: 1, Funny

... hey, it's just as good as Windows!
Re:A shift of focus by Net_Wakker · 2003-12-01 19:21 · Score: 2, Funny

Today is a good day to get rooted.
I don't know, but ever since I saw the goatse-guy this just no longer has the same meaning...

--
a horrible place
Re:A shift of focus by worf_mo · 2003-12-01 20:08 · Score: 2, Funny

does this code belong to sco?

And can those who have bought a license sue them now?
Re:A shift of focus by Anonymous Coward · 2003-12-02 03:05 · Score: 2, Funny

Yes, the secret is out. Hyper Text Markup Language is a language.