views: 75
answers: 3

I recently found out that there are several vulnerabilities in the Linux kernel that allow for privilege escalation, that have not been patched yet in the major distributions, and have public exploits on the usual sources. For example, I could get root on any of my completely up-to-date Ubuntu 10.04 systems using this very simple exploit.

This kind of worries me. Two questions arise:

  • Why has the Linux kernel not been patched for an exploit that has been around for 2 weeks? This sounds like a very dangerous situation to me.

  • Is there a safe way to give someone a guest account on my machine, given this situation? Or should I assume a guest account is more of a symbolic security, and only give accounts to people that I really trust.

A: 

Actually, a patch was written on September 14th and can be found here and here. However, this patch has not been merged over to the mainline. Kernel programming is very difficult. A patch can break compatibility or cause the system to behave incorrectly. Microsoft usually takes 1 month to write a patch for anything, even Notepad.

Oftentimes an attacker can compromise a user-level process such as one of your daemons (unrealircd or sendmail), or, even more likely, a web application like WordPress or PHP-Nuke. At this point the attacker has a user account and can obtain root if he needs it. So a privilege escalation exploit like this is often used in a chain with other exploits.

On a more concerning note, Torvalds is notorious for silent patches. This is also a pastime that Microsoft enjoys.

Rook
A: 
Karl Bielefeldt
A: 

According to lwn.net :

For the more community-oriented distributions (Debian, Fedora, openSUSE, Ubuntu, and others), the response has been somewhat mixed. Ubuntu, Debian, and Fedora had fixes out on September 17 for both bugs (or, in the case of Debian, just one, as its stable distribution ("Lenny") is based on 2.6.26 and thus not vulnerable CVE-2010-3301). openSUSE has yet to release a fix and none of the secondary distributions that we track (Gentoo, Mandriva, Slackware, etc.) has put out a fix either.

So if your Ubuntu is really up-to-date, it should have been safe quite early. Plus, I remember seeing the update relatively soon after the bug was announced.

So either the fix is incorrect, or your systems are not updated correctly, and have not been for something like two weeks. Kernel updates need a reboot of your system.

Where is the programming question, by the way?

shodanex
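The last answer points at the failure mode that most often makes an "up-to-date" box still exploitable: the fixed kernel package is installed, but the machine has not been rebooted, so the vulnerable kernel is still the one running. The script below is an added example, not code from the thread or from any of the posters; it compares the running kernel (`uname -r`) with the newest kernel image on disk. It assumes Debian/Ubuntu-style `/boot/vmlinuz-<version>` file names, and the version strings used in the comments and the self-check are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect "patched on disk, but still running the old kernel".
# Assumption: kernels are installed as /boot/vmlinuz-<version> (Debian/Ubuntu).

# kver_cmp A B: print -1, 0 or 1 depending on whether kernel version A is
# older than, equal to, or newer than B. Versions are split on '.' and '-'
# and compared field by field, numerically where both fields are numbers, so
# that 2.6.32-9 sorts before 2.6.32-25 (a plain string compare would not).
kver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = A[i]; y = B[i]
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) { x += 0; y += 0 }
            if (x < y) { print -1; exit }
            if (x > y) { print 1; exit }
        }
        print 0
    }'
}

# newest_kernel V1 V2 ...: print the highest version among the arguments.
newest_kernel() {
    best=""
    for v in "$@"; do
        if [ -z "$best" ] || [ "$(kver_cmp "$v" "$best")" -gt 0 ]; then
            best=$v
        fi
    done
    printf '%s\n' "$best"
}

# needs_reboot RUNNING V1 V2 ...: succeed (exit 0) if some installed kernel
# is newer than the one currently running, i.e. the update is not yet active.
needs_reboot() {
    running=$1
    shift
    newest=$(newest_kernel "$@")
    [ -n "$newest" ] && [ "$(kver_cmp "$newest" "$running")" -gt 0 ]
}

# installed_kernels [BOOTDIR]: list versions from BOOTDIR/vmlinuz-* (default /boot).
installed_kernels() {
    for f in "${1:-/boot}"/vmlinuz-*; do
        [ -e "$f" ] || continue
        printf '%s\n' "${f##*/vmlinuz-}"
    done
}

# Live check against this machine: ./kcheck.sh --check
if [ "${1:-}" = "--check" ]; then
    running=$(uname -r)
    set -- $(installed_kernels)
    if needs_reboot "$running" "$@"; then
        echo "running $running but $(newest_kernel "$@") is installed: reboot required"
        exit 1
    fi
    echo "running kernel $running is the newest installed"
fi
```

Run with `--check` after applying updates: a non-zero exit means the patched kernel is on disk but not in use. This only tells you whether the newest installed kernel is the one running; whether that kernel actually contains the fix is a separate question answered by the distribution's security advisory for the package version you have installed.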