Slashdot Mirror


New Linux Kernel Vulnerability

Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here." Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting.

9 of 486 comments

  1. Not a new vulnerability by Anonymous Coward · · Score: 5, Informative

    This is the same vulnerability that was disclosed a few weeks ago. The advisory was updated on March 1st to include exploit code.

  2. Not a big deal really by jmoen · · Score: 5, Informative

    Seems like none of the current releases are affected by this anyway. Ref. the article:
    Only version: 2.2 up to and including 2.2.25, 2.4 up to and including 2.4.24, 2.6 up to and including 2.6.2

    -jmoen-

  3. Old news by phaze3000 · · Score: 5, Informative

    This is why 2.6.3 was released, as discussed in this slashdot story from the 18th of Feb. The date on the linked article is March 1 - this is a second document on the same vulnerability that gives more details. It was not released at the time to give people a chance to patch.

    --
    Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.

  4. known since 18. feb. 2004 by gst · · Score: 5, Informative

    actually this vulnerability was announced on 18. feb. 2004 by isec (see http://lwn.net/Articles/71682/).

    isec just waited some weeks until they released the exploit...

  5. Re:Here we go again by bafu · · Score: 5, Informative

    Do I laugh or do I cry? ...

    Laugh, I would say. While both laughing and crying are versatile enough to be used regardless of whether it is a time of great happiness or great sadness, laughing is definitely more "out there".

    just when I had finished compiling 2.4.25 on my systems..

    Anyone who "just finished compiling" the latest release of their favorite kernel tree is all set (assuming they installed it), since this "new kernel vulnerability" is only new in the /. sense. I would think that people who are super-concerned about such things would recognize that in reading the bulletin.

    Did I read the security bulletin correctly

    No, you did not. :-( When it said...

    2.2 up to and including 2.2.25, 2.4 up to and including 2.4.24, 2.6 up to and including 2.6.2

    ...you mistook the 2.2 for a 2.4 and thought that it affected your 2.4.25 kernel.
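    Since the misreading in the comment above (2.2.25 taken for 2.4.25) is exactly the kind of slip a version check should remove, here is an added example, not part of the thread or of the advisory, that classifies a kernel version string against the three ranges the advisory lists. The function names, the verdict strings and the sample versions are all constructed for this example.

```shell
#!/bin/sh
# Added example for this thread (not code from the advisory or from any commenter):
# classify a kernel version string against the ranges the advisory lists as
# affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
# It looks at the version number only; a distro kernel that carries a backported
# fix (as comment 9 says Slackware's 2.4.24 does) is still reported as in range.

# mremap_kernel_affected VERSION
# exit status: 0 = inside an affected range, 1 = outside the listed ranges,
#              2 = the string could not be parsed as major.minor.patch
mremap_kernel_affected() {
    major=$(printf '%s\n' "$1" | cut -s -d. -f1)
    minor=$(printf '%s\n' "$1" | cut -s -d. -f2)
    patch=$(printf '%s\n' "$1" | cut -s -d. -f3)
    # drop a distro or release-candidate suffix from the patch level
    # ("24-1-686" -> "24"); an rc kernel is therefore rated as its final release
    patch=$(printf '%s\n' "$patch" | sed 's/[-_+].*$//')
    [ -z "$patch" ] && patch=0                  # "2.6" is the 2.6.0 kernel
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    # anything that is not purely numeric in the three fields is unparseable
    case "$major$minor$patch" in *[!0-9]*) return 2 ;; esac
    case "$major.$minor" in
        2.2) [ "$patch" -le 25 ] ;;
        2.4) [ "$patch" -le 24 ] ;;
        2.6) [ "$patch" -le 2 ] ;;
        *)   return 1 ;;                        # series not named in the advisory
    esac
}

# mremap_verdict VERSION: prints a short verdict for humans and scripts
mremap_verdict() {
    rc=0
    mremap_kernel_affected "$1" || rc=$?
    case $rc in
        0) echo "in affected range" ;;
        1) echo "outside listed ranges" ;;
        *) echo "unparseable" ;;
    esac
}

# Constructed sample strings (not from real hosts), including a distro-suffixed one.
# On a live system the interesting call is: mremap_verdict "$(uname -r)"
for v in 2.2.25 2.4.24-1-686 2.4.25 2.6.2 2.6.3 2.4.24pre1; do
    printf '%-14s %s\n' "$v" "$(mremap_verdict "$v")"
done
```

    The check is deliberately conservative about what it cannot parse: a string such as "2.4.24pre1" is reported as unparseable rather than silently rounded either way, and a series the advisory does not name is reported as "outside listed ranges" rather than as safe.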

  6. This is medium old news. by Anonymous Coward · · Score: 5, Informative

    This is the second mremap() vulnerability finally making it to slashdot. Note the date on the linked page, March 1.

    You just thought it was the third because you already heard about two, and forgot that sometimes things take a week or so to make it to /.

  7. Patched in 2.6.3 apparently by petabyte · · Score: 5, Informative

    I'm fairly sure this was patched in 2.6.3. Running the test code included in the advisory on my 2.6.3 (vanilla) system shows:

    [+] kernel 2.6.3 vulnerable: NO exploitable NO

    There's also a patch to mremap listed in the 2.6.3 ChangeLog. So I don't know how "new" this bug is.

  8. Re:Many eyes, but wide open or tight shut ? by BiggerIsBetter · · Score: 5, Informative

    My thinking is that Linux on the desktop is going to need a contingency plan for a widespread vulnerability, similar to what Microsoft does with Automatic Updates.

    I'm guessing you don't use Linux then. All major distros release such updates very quickly, and RedHat at least had a desktop icon that alerted users if updates were available. The kernel will get patched if it needs to, but it's up to the distro vendors to include something "idiot proof" to yell if the system needs an update.

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.

  9. this vulnerability announcement is a month old by Anonymous Coward · · Score: 5, Informative

    This hole was found and patched by vendors a month ago. I personally submitted to slashdot at least 10 stories detailing this hole and how to patch it, and I was quite obviously ignored.

    http://www.slackware.com/changelog/stable.php?cpu=i386
    "
    Wed Feb 18 03:44:42 PST 2004
    patches/kernels/: Recompiled to fix another bounds-checking error in
    the kernel mremap() code. (this is not the same issue that was fixed
    on Jan 6) This bug could be used by a local attacker to gain root
    privileges. Sites should upgrade to a new kernel. After installing
    the new kernel, be sure to run 'lilo'.
    For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
    Thanks to Paul Starzetz for finding and researching this issue.
    (* Security fix *)
    "

    2.4.25 and 2.6.3 are NOT affected by this hole, and there is a patch for 2.4.24 which you can make yourself by diffing a vanilla 2.4.24 kernel with slackware 9.1's 2.4.24 kernel source package.

    CmdrTaco, before you post another "announcement" like this, do your homework. last thing we need is more security disinformation surrounding linux.