Topic: Bug exposes eight years of Linux kernel: Passes it's-not-crying-wolf test (Read 2270 times)

toasty0 · « **on:** August 15, 2009, 07:53:23 pm »

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
...read more

Dash Jones · « **Reply #1 on:** August 16, 2009, 02:01:12 am »

In other news, MS also has a similar vulnerability, and now the newest version of this Trojan can also use your Windows Media Player, OR another player to hack into your Boot portion of the Hard drive and screw it over.

This Trojan keeps getting worse and worse (the programmers keep refining it) and yet MS still really hasn't done much to prevent it. They put in a stop gap measure and warning about it, but their stop gap at this point, from someone's machine which had the latest and greatest, shows that they've overcome MS's stop gap as well.

Of course he probably shouldn't have been going to the sites he was visiting in the first place...but this one is live and operating in the internet wilds...is the Linux one actually exploited like the MS one is yet?

Nemesis · « **Reply #2 on:** August 16, 2009, 04:23:07 am »

From my understanding this is a local exploit, you need to be at the machine for it to work, no "drive by" attacks. Also it is already patched.

toasty0 · « **Reply #3 on:** August 16, 2009, 09:31:14 am »

Quote from: Nemesis on August 16, 2009, 04:23:07 am

From my understanding this is a local exploit, you need to be at the machine for it to work, no "drive by" attacks. Also it is already patched.

Incorrect.

toasty0 · « **Reply #4 on:** August 16, 2009, 09:36:48 am »

Quote from: Dash Jones on August 16, 2009, 02:01:12 am

In other news, MS also has a similar vulnerability, and now the newest version of this Trojan can also use your Windows Media Player, OR another player to hack into your Boot portion of the Hard drive and screw it over.

This Trojan keeps getting worse and worse (the programmers keep refining it) and yet MS still really hasn't done much to prevent it. They put in a stop gap measure and warning about it, but their stop gap at this point, from someone's machine which had the latest and greatest, shows that they've overcome MS's stop gap as well.

Of course he probably shouldn't have been going to the sites he was visiting in the first place...but this one is live and operating in the internet wilds...is the Linux one actually exploited like the MS one is yet?

Interesting. Maybe if you post a link to the article describing this "Media Player exploit"--which is not a kernal level exploit--I might be able to give you an answer Dash.

Nemesis · « **Reply #5 on:** August 16, 2009, 09:05:47 pm »

Quote from: toasty0 on August 16, 2009, 09:31:14 am

Quote from: Nemesis on August 16, 2009, 04:23:07 am
From my understanding this is a local exploit, you need to be at the machine for it to work, no "drive by" attacks. Also it is already patched.

Incorrect.

You really do need to specify which part is incorrect.

I went to the links at the end of the article you quoted and found this:

Quote

This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero containing code to be executed with privileges of the kernel, and then trigger a vulnerable operation using a sequence like this:

Local privilege. At the least this becomes a multi level attack where you must launch one successful attack to get local privileges then attack this flaw to get to root access.

Quote

-------------------
Solution
-----------------------

Linus committed a patch correcting this issue on 13th August 2009.

So the patch is in.

toasty0 · « **Reply #6 on:** August 17, 2009, 08:26:01 am »

Good. Now to get folks to apply it.

EDIT: Which the article and posts like this make people aware of that there is a problem that needs to be fixed.

KBF-Kurok · « **Reply #7 on:** August 19, 2009, 11:56:15 am »

With Ubuntu and Linux mint the upgraded Kernels are made available as soon as they are finished and tested. It is really a simple matter of letting the updater do its thing and then rebooting into the new Kernel. The problem i have with windows is there are always some kinda security updates and patching almost daily gets to be a real pita. Also windows does alot of stop gap stuff that needs to be repatched over and over again that leaves your puter exposed. I like how Linux does things and their patches usually fix the problem not work around it.
Of course as i write this in dl all the drivers for xp and getting ready to reinstall it because OP dosent work correctly in nix.
Kurok

toasty0 · « **Reply #8 on:** August 19, 2009, 09:35:37 pm »

Toasty0 be dense. Toasty0 no understand. Toasty0 make post to alert Linux users about a possible security issue that need be addressed. Some forum members respond with rant about another OS "being worse".

How one link to other is mystery to Toasty0.

News: