Slashdot Mirror


Exploits Emerge For Linux Privilege Escalation Flaw

angry tapir writes "Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the '/proc//mem' file."


  1. Hrrm by Anonymous Coward · · Score: 5, Insightful

    If someone is in a position to run a local exploit, aren't you pretty much fucked anyways?

    1. Re:Hrrm by Anonymous Coward · · Score: 5, Informative

      I was with you up until Rule #3, which is nonsense.

  2. Re:Local exploit? by Lumpio- · · Score: 5, Informative

    A weak SSH user account/PHP script/whatever + local privilege escalation = instant remote root

  3. Link to more info by milbournosphere · · Score: 5, Informative

    It's a geekier breakdown, but is quite informative.

    http://blog.zx2c4.com/749

    Gets into the memory specifics of the bug. I found it to be far better than the actual article.

  4. Re:iOS now has more marketshare than Android by tqk · · Score: 5, Funny

    Pardon me, but I'm going to go watch Firefly now, as it appears none of you make any sense. Bye.

    --
    "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.

  5. Debian (mostly) not affected by Trogre · · Score: 5, Informative

    Since this bug was introduced in Linux 2.6.39, Debian Stable (squeeze, Linux 2.6.32) is not affected. Unstable (sid, Linux 3.1) has already been patched, though Testing (wheezy) is still vulnerable.

    More information here

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife

  6. Re:Broken on Android too by Abreu · · Score: 5, Funny

    Wuh, I think so, Brain, but if we didn't have ears, we'd look like weasels

    --
    No sig for the moment.

  7. Re:Local exploit? by BasilBrush · · Score: 5, Funny

    so someone has to be sitting in front of the boxen to exploit the exploit, why not just init 1?

    Or they could use axen to destroy the boxen. Or set some foxen on them to tear them to pieces. Or they could fill the boxen with melted waxen. Or bury them in faxen. This exploit is usable by people of both sexen, so long as they pay their taxen.

  8. Simple explanation by Chemisor · · Score: 5, Informative

    There is /proc/pid/mem, a pseudofile referring to the memory of process pid. It has 0600 permissions so you can't write to the memory of other users' processes. The bug occurs when you exec an suid executable and the kernel does not change open fds for /proc/pid/mem. This way, you can open mem, dup it to stderr, and exec su with a garbage parameter. su will duly print an error, quoting the offending parameter, writing to its process memory. With a properly selected shellcode you can get root.

  9. Proof you are 100% wrong per your request by Zero__Kelvin · · Score: 5, Insightful

    Again, you don't know what security through obscurity means. If the access to the code or other design that implements the security breaks it, then that is security through obscurity. All security relies on a secret known by one party, but unknown to others. This has absolutely nothing to do with security by obscurity.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun

  10. Re:Broken on Android too by NeoMorphy · · Score: 5, Funny

    Really? This bug was only present in kernel releases 2.6.39 and newer. Do any Android devices use kernels based on a Linux this current? A quick search says Android 2.3 used 2.6.35 and 3.0 used 2.6.36, so the number of devices this might possibly help you root looks minuscule.

    I am replying with my new Asus Transformer Prime, which is running ICS (Android version 4.03); the kernel is 2.6.39.4.

    I'm thinking this bug is God's way of saying "You are loved. Now go forth and exploit your tablet!"
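The version arithmetic that Trogre and NeoMorphy do by hand above (2.6.32 predates the bug, 2.6.39.4 and 3.1 do not) is easy to get wrong on real `uname -r` strings with distro suffixes. The following is an added example, not code from the thread or from any vendor advisory: it parses kernel release strings and flags anything at or above 2.6.39 as "check with your vendor", since this page names the introducing release but not the fixed ones. The threshold, the regex and the sample release strings are my own assumptions built from the versions quoted in the thread.

```python
import re
from typing import Tuple

# The thread states the bug was introduced in Linux 2.6.39. Anything at or
# above it is treated as potentially affected until the vendor's patch status
# is confirmed; fixed versions are NOT stated on this page, so none are claimed.
INTRODUCED_IN = (2, 6, 39)

# Leading numeric prefix of a release string; distro suffixes and -rc tags are ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_release(release: str) -> Tuple[int, int, int]:
    """Turn a `uname -r` style string into a comparable (major, minor, patch) tuple.

    Handles forms such as '2.6.32-5-amd64', '3.1.0-1-amd64', '2.6.39.4' and
    '3.2.0-rc1'. Missing components are treated as 0.
    """
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    parts = [int(g) if g is not None else 0 for g in m.groups()]
    return (parts[0], parts[1], parts[2])


def classify(release: str) -> str:
    """'predates' if older than 2.6.39, otherwise 'check-vendor-patch'."""
    return "predates" if parse_release(release) < INTRODUCED_IN else "check-vendor-patch"


# Constructed sample inputs, based on the versions people quote in the thread.
SAMPLES = {
    "2.6.32-5-amd64": "Debian squeeze (stable)",
    "3.1.0-1-amd64": "Debian sid (patched, per Trogre)",
    "2.6.35": "Android 2.3",
    "2.6.36": "Android 3.0",
    "2.6.39.4": "Transformer Prime on ICS",
}


def report() -> dict:
    """Map each sample release string to its classification."""
    return {rel: classify(rel) for rel in SAMPLES}


if __name__ == "__main__":
    for rel, where in SAMPLES.items():
        print(f"{rel:16} {where:34} -> {classify(rel)}")
```

A "check-vendor-patch" result only means the base version is in range; whether a distro kernel of that version actually carries the fix is a question for the vendor's changelog, as the Debian sid example shows.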