
matunga

join:2003-07-26

 Bug in latest Linux gives untrusted users root access

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable.
»www.theregister.co.uk/2009/11/03···ability/


Drunkula
Premium
join:2000-06-12
Denton, TX
Well to Matunga's credit, at least he pointed out there is a fix this time.

KodiacZiller

join:2008-09-04
73368

Old news. There have been a couple of these NULL dereference bugs making noise on the Linux mailing lists for a while now. Since it has already been fixed by everyone, I fail to see why this is even news?

And the discoverer, Brad Spengler, while one of the best there is, also seems to have a major axe to grind with Linus. Perhaps it is because most of the kernel guys prefer SELinux over his GRsecurity?


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

said by KodiacZiller:

Old news. There have been a couple of these NULL dereference bugs making noise on the Linux mailing lists for a while now. Since it has already been fixed by everyone, I fail to see why this is even news?
Fixed by everyone, what does that mean? I mean while all the vendors might have it patched/fixed, it by no means indicates that all the users have updated etc. Often warnings aren't directed to the vendors themselves (they likely already know), but to their users so they know they need to update and even then they might not, but at least they have been told and their non-action is their choice (however sometimes they don't get to choose the consequences).

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

upb
Premium
join:2004-03-15
Carriere, MS
·AT&T Southeast

The workaround was published last August in the Slackware Security mailing list, but it applies to almost any distro. You simply make sure that you have a file named "/etc/sysctl.conf" which contains at least the following:


I've tested the exploit out against machines configured in that way, and the exploit has always failed.

SUMware
Premium
join:2002-05-21

reply to matunga
Re: Bug in latest Linux gives untrusted users root access

»www.theregister.co.uk/2009/11/03···ability/
quote:
The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. But to make RHEL compatible with a larger body of applications, that distribution is vulnerable to attack even when the OS shows the feature is enabled, Spengler said.

A Red Hat spokeswoman said patches for the versions 4 and 5 of RHEL and MRG are available here. An update for RHEL 3 is in testing and should be released soon.


Cabal
Premium
join:2007-01-21
Boston, MA
reply to matunga
I don't have untrusted users.

KodiacZiller

join:2008-09-04
73368

reply to Link Logger
said by Link Logger:

said by KodiacZiller:

Old news. There have been a couple of these NULL dereference bugs making noise on the Linux mailing lists for a while now. Since it has already been fixed by everyone, I fail to see why this is even news?
Fixed by everyone, what does that mean? I mean while all the vendors might have it patched/fixed, it by no means indicates that all the users have updated etc. Often warnings aren't directed to the vendors themselves (they likely already know), but to their users so they know they need to update and even then they might not, but at least they have been told and their non-action is their choice (however sometimes they don't get to choose the consequences).

Blake
When I said "everyone" I meant all of the major distributions have already implemented workarounds (by adjusting the mmap_min_addr value in /proc). The only major distro not to fix it this way is Fedora (which is interesting since Fedora is usually one of the most security-oriented distros).

As for alerting users, most users shouldn't have to worry about it, or if they do, the updates will be pushed automatically by most distros anyway.
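
A way to check the setting these posts refer to, as an added example that is not part of any post in this thread: it compares the running mmap_min_addr value with what /etc/sysctl.conf will apply at the next boot. It assumes the sysctl key is vm.mmap_min_addr, exposed at /proc/sys/vm/mmap_min_addr; the function names and result labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit the vm.mmap_min_addr setting discussed in the thread.
# Function names and result labels are illustrative, not from any tool.

# Print the last vm.mmap_min_addr assigned in a sysctl.conf-style file
# (a later assignment overrides an earlier one); print nothing if unset.
conf_mmap_min_addr() {
    [ -r "$1" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip whole-line comments
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "vm.mmap_min_addr" { val = $2; gsub(/[ \t]/, "", val); found = 1 }
        END { if (found) print val }' "$1"
}

# Classify the pair: running value, configured value ("" if not in the file).
assess() {
    case $1 in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    if [ "$1" -eq 0 ]; then
        echo EXPOSED            # page zero can be mapped by unprivileged code
    elif [ "$2" = 0 ]; then
        echo REVERTS_ON_BOOT    # protected now, but the file sets it back to 0
    elif [ -z "$2" ]; then
        echo OK_NOT_PINNED      # non-zero, but not set in this file
    else
        echo OK
    fi
}

# Audit this host; both paths can be overridden for testing.
audit_host() {
    proc=${1:-/proc/sys/vm/mmap_min_addr}
    conf=${2:-/etc/sysctl.conf}
    running=
    [ -r "$proc" ] && running=$(cat "$proc")
    assess "$running" "$(conf_mmap_min_addr "$conf")"
}

audit_host
```

A non-zero value only confirms the setting: the article quoted earlier in the thread reports RHEL as open to attack even when the feature shows as enabled, so the patched kernel is still needed.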


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

said by KodiacZiller:

As for alerting users, most users shouldn't have to worry about it, or if they do, the updates will be pushed automatically by most distros anyway.
Oh those evil automatic updates, funny how many people don't trust those. I believe in them, use them, but some people don't.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool