Slashdot Mirror


5-Year-Old Linux Kernel Bug Fixed

rastos1 sends in a report about a significant bug fix for the Linux kernel (CVE-2014-0196). "'The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device. 'This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),' Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. 'A bug this serious only comes out once every couple years.' ... While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said."


  1. This is the problem with Linux Security by metrix007 · · Score: 3, Insightful

    Linux and Greg K-H have both gone on record saying that security issues are just another type of bug, and don't deserve any type of special treatment.

    This is crap. A bug that allows remote code execution or even a DoS is a much, much bigger issue than fixing the user experience or minor stability issues.

    When you don't assign the significance to security issues that they deserve, they go unpatched for 5 years.

    It's kind of a concern.

    --
    If you ignore ACs because they are anonymous - you're an idiot.
    1. Re:This is the problem with Linux Security by metrix007 · · Score: 3, Interesting

      To expand on this, not only do they not assign security bugs the priority they deserve, they actively hide them.

      http://arstechnica.com/securit...

      FWIW, I love Linux and used Slackware for almost a decade.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    2. Re:This is the problem with Linux Security by Anonymous Coward · · Score: 5, Interesting

      Well it can't be patched before it was discovered but you seem to be implying this issue was known about 5 years ago.

      How long from when it was discovered did it take to be patched?

    3. Re:This is the problem with Linux Security by Wonko+the+Sane · · Score: 3, Interesting

      If the kernel developers allowed bugs to be clearly marked as security vulnerabilities, then it would be trivial to use the Git commit history to identify the individuals who are merging these exploits into the kernel.

    4. Re:This is the problem with Linux Security by Microlith · · Score: 3, Insightful

      It's already trivial to do that. What would "clearly marking them as security vulnerabilities" gain?

    5. Re:This is the problem with Linux Security by wisnoskij · · Score: 3, Interesting

      I completely disagree. The reason I use an OS is because its features work and it doe snot crash all the time, I could not care less if it were 1% more secure.

      --
      Troll is not a replacement for I disagree.
    6. Re:This is the problem with Linux Security by Anonymous Coward · · Score: 5, Funny

      You know, Linux Torvaldx ix the guy who firxt xtarted writing the Linux kernel. He'x pretty famoux. I'm xurprixed you've never heard of him.

    7. Re:This is the problem with Linux Security by Anonymous Coward · · Score: 3, Interesting

      Was it? Where? The git commit linked in the article is for 2014-05-03. Given the number of fixes and revisions this patch went through, one has to actually hunt it down in the MLs to know.

      So, can you please point us to the source of your information?

    8. Re:This is the problem with Linux Security by Anonymous Coward · · Score: 2, Informative

      There's no such thing as "GIT report" mentioned anywhere here, only GIT commits and they're too recent...

      Did you mean CVE? CVE reservation dates don't correspond with the bug discovery date - for example, the CVE numbered one less than this one is not even created yet, but it lists the same "20131203" reservation date.

    9. Re:This is the problem with Linux Security by metrix007 · · Score: 2, Interesting

      You should read up some more on the clash between security professionals and the Linux maintainers.

      Some bugs are more critical than others, and hiding them not to get negative attention or (rightfully) be pressured to fix them is pretty bad.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    10. Re:This is the problem with Linux Security by Bryan+Ischo · · Score: 4, Insightful

      Taking off-topic potshots against FOSS in response to a misinformed post which incorrectly describes the date of the bug report in response to a post which inaccurately maligns the attitude of kernel developers towards security bugs?

      For fuck's sake, we're three levels deep in FUD here. Someone throw me a rope so I can pull myself out of this quagmire of bullshit.

    11. Re:This is the problem with Linux Security by The123king · · Score: 2

      Bugs can be ancient. Anyone remember that Windows VDM bug that affected every version of Windows based on NT? How is this bug different?

      Bugs have to be found, you can't expect every bug to just be easy to find. That's how things like Heartbleed, and the VDM bug don't get discovered for years. I'm sure there's probably bugs almost as old as Linux itself in the kernel, and I'm almost certain there's bugs in Windows affecting everything from 3.1 up.

      But yes, I'd be very surprised if this bug was reported 5 years ago. It's not unheard of in the Linux world, but it really shouldn't be happening, and thankfully happens rarely (and when it does, Slashdot has a field day).

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    12. Re:This is the problem with Linux Security by metrix007 · · Score: 2, Interesting

      The OP does not inaccurately malign the attitude of the kernel developers towards security bugs. Their stance is widely known.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
  2. I gotta say by Anonymous Coward · · Score: 2, Funny

    a "doe snot crash" sounds pretty bad to me. Just sayin'. Do you have deer hanging around your computer?

  3. 5 year old tempest in tty pot by stock · · Score: 3, Interesting

    The problem was well discussed in 2009 here: A tempest in a tty pot https://lwn.net/Articles/34382... The result was that after a heated debate, Alan Cox was blamed for allowing old code to stay because emacs would lose terminal output, and Greg KH was summoned to step up as the TTY maintainer. The new TTY/PTY guys became James Simmons, the Frame-buffer guy, and C. Scott Ananian, the former jack-of-all-trades for the One Laptop per Child Foundation. Curiously enough, it was not Linux server systems like RedHat Enterprise that have been vulnerable for almost 5 years, but the popular Linux desktop distros like Ubuntu.

  4. POC doesn't work here. by ralphtheraccoon · · Score: 5, Interesting

    I read through the POC, it seemed safe enough to play with, so I've tried it out on a few different servers here (CentOS & Debian Stable). On the CentOS boxes it dies before it even gets started trying to overflow into a tty, and on my Debian machine it's been going for 5 minutes (using up to 90% CPU, but still leaving the machine quite usable), and still hasn't got anywhere.

    This isn't quite the "instant ROOT ACCESS!" privilege escalation that keeps sysadmins up at night. (unless I'm missing something...)

  5. Must mention microkernels by Megol · · Score: 2

    As something like this would be impossible with the driver executing in an isolated process. Memory corruption would still be possible of course (unless the driver was written in a secure language) but it would be local.

  6. openbsd by astar · · Score: 2

    OpenBSD defines any potential security issue as a bug. Emphasis potential. The interesting actual exploits these days are sometimes 15 unexploitable glitches strung together.

    The Linux kernel is oriented towards supporting all the cutting edge hardware. This is not going to make security very practical. OpenBSD is, ah, stodgy. But what OpenBSD brags on is "no remote holes in the default install" not "no local exploits".

    I think that Linus cannot fix this sort of issue. Theo could take lessons from Linus on nasty around systemd but Linus has not been consistently nasty and I think it is too late.

    Send Theo money.