[ISN] Die-hard bug bytes Linux kernel for second time

From: InfoSec News <alerts_at_private>
Date: Thu, 16 Sep 2010 00:49:39 -0500 (CDT)
http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/

By Dan Goodin in San Francisco
The Register
15th September 2010

The Linux kernel has been purged of a bug that gave root access to 
untrusted users – again.

The vulnerability in a component of the operating system that translates 
values from 64 bits to 32 bits (and vice versa) was fixed once before – 
in 2007 with the release of version 2.6.22.7. But several months later, 
developers inadvertently rolled back the change, once again leaving the 
OS open to attacks that allow unprivileged users to gain full root 
access.

The bug was originally discovered by the late hacker Wojciech "cliph" 
Purczynski. But Ben Hawkes, the researcher who discovered the kernel 
regression bug, said that he grew suspicious when he recently began 
tinkering under the hood of the open-source OS and saw signs the flaw 
was still active.

“I showed this to my friend Robert Swiecki who had written an exploit 
for the original bug in 2007, and he immediately said something along 
the lines of 'well this is interesting,'” Hawkes wrote. “We pulled up 
his old exploit from 2007, and with a few minor modifications to the 
privilege escalation code, we had a root shell.”

[...]


Received on Wed Sep 15 2010 - 22:49:39 PDT
