Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Privileges Through Linux Kernel Bug

Posted by timothy on from the who-needs-windows? dept.

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

5 of 131 comments (clear)

  1. Re:Unrelated? The PDFs are the same! by NeverVotedBush · · Score: 4, Insightful

    I think what it is is that the Xorg server is an easy attack vector for the Linux kernel memory management issue.

    The memory management issue is the thing that enables using a flaw in the X server to escalate privilege. If you fix the X server to not allow that kind of manipulation, you still have the kernel memory management issue that could be used by some other application to escalate privilege.

    I think that fixing the X server - one mitigation is to disable the MIT-SHM extension as discussed in the pdf - really reduces the exposure but since the real problem is in the kernel, it doesn't completely remove the threat.

    At least that is how I understand it...

  2. Re:Nothing to see here.... by JohnFluxx · · Score: 5, Insightful

    I don't agree that it's "nothing to see here" - something has gone wrong if it took 6 years for this to happen.

  3. Re:Nothing to see here.... by Americano · · Score: 4, Insightful

    Nothing to see here? Will you say the same thing when Microsoft waits 6 years to apply a fix to WinXP? :)

    Yes, these things are less likely to happen with Linux. That doesn't mean Linux kernel processes are above reproach, and can't be made more responsive & accountable in cases like this where somebody obviously dropped the ball on merging a patch somewhere. I hope they spend a little time reviewing how this got missed, to make sure it's not a flaw in their process that could allow it to happen again.

  4. Re:Linux! "It just works!" by Hatta · · Score: 4, Insightful

    Indeed, 5 years old and no exploit.

    How do you know?

    --
    Give me Classic Slashdot or give me death!
  5. Re:Wow! Linux is really Secure. by jours · · Score: 4, Insightful

    Look at this graph: http://linuxinsecurity.blogspot.com/

    Please do. Notice how the graphs show Windows with 10-12% of the issues unpatched?

    That's the problem. Well that and the missing graph showing "time to patch"...

    --
    This sig intentionally left blank.