Local Root Hole in Linux Kernels
xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."
Eek! (Score:2, Interesting)
Holy shit, this could be a problem.
Excuse me while I go patch my servers, which all of my developers have user-level access to, albeit very limited access.
New marketing ploy for TMF: get your security news before the 13-year-old 5<R1p7 <1|)|)135, since they don't have credit cards with which to subscribe.
Jouster
patched it already (Score:5, Interesting)
If you're running Redhat, RHN is a valuable tool that no admin should be without.
Kernel Patches (Score:0, Interesting)
A Windows vulnerability is discovered and it takes a week or more to get it taken care of.
The Linux kernel has a vulnerability and the patch is available immediately.
Who's a sysadmin to trust?
Time to patch my IIS^H^H^HKernel (Score:3, Interesting)
Those people willing to shout and holler at every serious issue, screaming bloody murder because someone got it wrong, really piss me off. Yes, people get it wrong; they write insecure code from time to time. This issue and a number of those before it show that Linux has as many opportunities for exploitation as any other OS.
Re:Linux disclosure procedures? (Score:3, Interesting)
2) I think you worry about crackers knowing, not hackers; hackers fix problems like this. Also, as anyone in a production environment knows, just because MS does not publish it does not mean that people don't know before they have a fix. Also, the time to deploy an MS patch in production is much longer due to shutdowns and testing.
3) As opposed to almost *ALL* MS updates, which require a restart of every server in your company. Woo Hoo!
4) ??? 5) Profit
Re:Linux disclosure procedures? (Score:2, Interesting)
A Windows vulnerability is discovered and it takes a week or more to get it taken care of.
The Linux kernel has a vulnerability and the patch is available immediately.
To all the windows bashers... (Score:5, Interesting)
I hate to say it, but this is kind of refreshing. This isn't a troll, so don't get me wrong... I'm a Linux user myself. But after seeing the masses rip into MS yesterday when the thread about the IIS 5.0 hole was posted, I got a tad frustrated. Granted, I hate Microsoft as much as the next guy, but this just goes to show you that it's NOT just Microsoft that falls prey to holes and exploits. If it runs an OS, there's a chance it'll be cracked. Simple as that.
Hell, the Linux kernel is without a doubt one of the most audited open source projects out there, and this bug STILL didn't surface until 2.4.20. Of course, I applaud the speed and availability of patches and workarounds to the bug. Just remember, it happens to everyone.
Exploitable? (Score:5, Interesting)
I tried writing an exploit for this flaw, but I couldn't get far enough to inject any code. I managed to ptrace(PTRACE_ATTACH,
I'm not positive this is actually exploitable, but I'm not positive I took the correct approach, either. In any case, the most I've been able to do is spawn a slew of suspended root-owned processes. Not good, but not the end of the world, either. If someone has actually managed to exploit this flaw, I'd love to see some code so that I could see what I did wrong. Conversely, I'm willing to share the code I have upon request. I've only written code up to the current impasse, but once past this problem, the rest should be pretty trivial.
Where's Debian?? (Score:2, Interesting)
COME ON WAKE UP!
Re:patched it already (Score:3, Interesting)
Why isn't it possible to produce incremental binary patches containing just the diffs? Not only would it vastly increase the chances of people downloading them (which is good for everyone), it is good for Red Hat too since their bandwidth for up2date is slashed.
Now obviously there are times when incremental diffs are not useful, but with the proper safeguards (e.g. checksums and backing up originals etc.) I don't see what the problem is. If anyone from Red Hat or RPM land is listening, please consider implementing this feature. Pretty please with a cherry on top.
Re:I don't think so (Score:4, Interesting)
How about with "linux init=/bin/sh"?
Re:IT'S IN ENGLISH!!! (Score:5, Interesting)
Actually, Welsh has more vowels than English, and is spelt almost entirely phonetically. It's hard for English speakers to read since it uses the same characters to represent different sounds (Yes, I have had to listen to Alan rave about how wonderful Welsh is...). The most confusing thing I find about Welsh is the way words 'mutate', that is to say their pronunciation changes depending on the syllable preceding or following them to make the sentence flow more easily.
It is sometimes useful to know a language that no-one else in the room speaks, and I think that this is one of Alan's reasons for learning, but I prefer Latin for this purpose. The structure is more logical.
Re:patched it already (Score:3, Interesting)
There is no 'hotfixing' or piece patching here. The result of the incremental diff is the same as installing the whole new version, just considerably easier to download. As I mentioned, a kernel update is 35 MB of patches. I would be surprised if an equivalent incremental patch were more than a megabyte.
This and IIS exploit (Score:3, Interesting)
Re:I'm not going to patch. (Score:2, Interesting)
Rule of Thumb (Score:2, Interesting)
Re:How is Microsoft responsible? (Score:2, Interesting)
but that's beside the point. The OS has little to do with privilege escalation, anyway; it has everything to do with the programmers who write programs that will be suid.
Re:How is Microsoft responsible? (Score:2, Interesting)
So you are equating Microsoft to God. Interesting...
Although Voltaire may have said "If God didn't exist it would be necessary to invent him", it is another matter as to whether Microsoft resembles Him. I would have said that Microsoft was just another popular-for-now company with nothing to fall back on. Nothing special in the long run.
However, if you want to be really picky, they have the advantage of existing and actually being pointable-to, unlike God.