[ISN] Security group warns of hole in Linux kernel

From: InfoSec News (isn@private)
Date: Tue Jan 06 2004 - 02:38:40 PST

  • Next message: InfoSec News: "[ISN] Linux Security Week - January 5th 2004"

    http://www.nwfusion.com/news/2004/0105securgroup.html
    
    By Paul Roberts
    IDG News Service
    01/05/04
    
    Computer security researchers are again warning about a critical 
    vulnerability in the Linux kernel that could be used by malicious 
    hackers to take control of systems using the popular open source 
    operating system. 
    
    ISEC Security Research said Monday that it found a critical 
    vulnerability in code that is used to manage virtual memory on Linux 
    systems. The vulnerability affects versions of the Linux kernel up to 
    and including version 2.6 and would give low-level Linux users total 
    control over a Linux system. 
    
    ISEC, a noncommercial security research group based in Poland, 
    discovered the problem in kernel code for a component called "mremap," 
    according to a message posted by Paul Starzetz, an iSEC member. 
    
    The kernel is the core of the Linux operating system and provides 
    basic services for all other parts of the operating system such as 
    allocating processor time for the programs running on the computer and 
    managing the system's memory or storage. 
    
    Mremap provides functionality for managing virtual memory and is used 
    continuously by programs that have exhausted their allocation of 
    memory, or that have been allocated memory in excess of what they 
    need, according to Dave Wreski, chief executive officer of secure 
    Linux vendor Guardian Digital. 
    
    Attackers could use the vulnerability to create an invalid virtual 
    memory area (VMA), which could destabilize the Linux operating system 
    or allow a malicious user to run attack code on the system. Attackers 
    would need local user access to the vulnerable machine, but would not 
    need any special privileges on the Linux system to exploit the hole, 
    iSEC said. 
    
    Researchers at iSEC said they have developed test code to exploit the 
    mremap vulnerability.
    
    However, taking advantage of the hole will be more difficult for 
    outsiders, who will need to get user access to the machine they want 
    to compromise and then work backwards from the Linux kernel patches to 
    spot the flaw and write code to exploit it, Wreski said. 
    
    The warning follows news in December of another critical flaw in 
    version 2.4 of the Linux kernel. Malicious hackers used that 
    vulnerability to attack servers belonging to The Debian Project, which 
    produces the noncommercial Debian Linux distribution. 
    
    Critical Linux kernel vulnerabilities are rare and the disclosure of 
    two such holes within weeks of each other is unprecedented, Wreski 
    said. 
    
    The increase in the number of critical flaws may be the result of more 
    groups scrutinizing the security of the Linux source code, he said. 
    
    ISEC did a good job of coordinating with Linux vendors, working with 
    them for a month prior to publishing information on the mremap 
    vulnerability, Wreski said. 
    
    Guardian Digital and Red Hat released updated kernel packages on 
    Monday to fix the mremap security hole. ISEC encouraged Linux users to 
    fix vulnerable systems as soon as software patches became available 
    from their vendor. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jan 06 2004 - 05:13:28 PST