Update: No new flaw in Linux kernel

A security researcher who discovered previous, critical flaws in the Linux kernel clarifies a story published yesterday by SearchEnterpriseLinux.com that incorrectly reported a new kernel bug.

A story published yesterday by SearchEnterpriseLinux.com incorrectly reported that a third mremap vulnerability

had been discovered in the Linux kernel.

Separate and unrelated flaws had been reported in the memory management system call in January and February. On March 1, researcher Paul Starzetz released an update to his initial advisory that a robust proof-of-concept exploit code had been produced for the flaw detailed in February.

"The vulerability is very easy to exploit once you have got local (shell) access to the system," Starzetz said in an e-mail to SearchEnterpriseLinux.com.

The flaws enable attackers to gain root access to vulnerable systems, Starzetz said.

"Both bugs have been found in the same piece of code. The first one [released Jan. 5] was due to invalid argument input to the mremap system call. The second [released Jan. 18] concerns an unchecked use of the do_munmap internal kernel function inside the mremap code which may be forced to fail by preparing the virtual memory of the calling process in a special way," Starzetz said.

The flaw, deemed critical, was discovered by Starzetz and his research team at Polish security consultancy ISec. Kernel versions up to and including 2.2.25, 2.4 to 2.4.24 and 2.6 and up are affected and should be repaired immediately by downloading fixes from kernel.org or a Linux distributor.

"Since no special privileges are required to use the mremap system call any process may use its unexpected behavior to disrupt the kernel memory management subsystem," said an alert from iSec. "Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges."

Dig deeper on Linux news and updates

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close