Linux kernel exploit gets patched
Summary: A fix has been developed for a vulnerability in the Linux kernel that potentially leaves machines open to a privilege escalation exploit.
A fix has been developed for a vulnerability in the Linux kernel that was made public at the weekend.
The software flaw potentially leaves computers vulnerable to a privilege escalation exploit, which could be used to raise the privileges of a user or a piece of software on the machine.
The vulnerability, which affects kernel versions 3.3 through to 3.8, was mentioned in a Common Vulnerabilities and Exposures request at the weekend.
The request detailed the vulnerability: "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers array which, in turn, allows userland to take over control while in kernel mode."
The vulnerability will be fixed in the Linux 3.9 kernel.
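The bug class in the quoted request, a handler table indexed by a field taken from an unprivileged message, can be modelled in user space. This is an added example, not kernel code or the actual patch; the table size, struct layout and function names are hypothetical, and the sample messages are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DIAG_FAMILY_MAX 4               /* hypothetical table size */

struct diag_req {                       /* hypothetical request header */
    uint8_t family;                     /* index supplied by the sender */
    uint8_t protocol;
};

typedef int (*diag_handler)(const struct diag_req *req);

static int dump_inet(const struct diag_req *req) { return 100 + req->protocol; }

/* Sparse table: only family 2 is registered in this model. */
static const diag_handler diag_handlers[DIAG_FAMILY_MAX] = { [2] = dump_inet };

/* Flawed pattern: the index from the message is used without a range check,
 * so a large family value loads a "function pointer" from beyond the array. */
int dispatch_unchecked(const struct diag_req *req)
{
    diag_handler h = diag_handlers[req->family];
    return h ? h(req) : -ENOENT;
}

/* Hardened pattern: validate the length, then the index, then the slot. */
int dispatch_checked(const void *msg, size_t len)
{
    struct diag_req req;

    if (len < sizeof(req))
        return -EINVAL;                 /* truncated message */
    memcpy(&req, msg, sizeof(req));     /* copy once, validate the copy */
    if (req.family >= DIAG_FAMILY_MAX)
        return -EINVAL;                 /* out-of-range index rejected */
    if (diag_handlers[req.family] == NULL)
        return -ENOENT;                 /* in range, nothing registered */
    return diag_handlers[req.family](&req);
}

/* Builds a constructed two-byte message and runs the hardened dispatcher. */
int run_sample(uint8_t family, uint8_t protocol)
{
    const uint8_t msg[2] = { family, protocol };
    return dispatch_checked(msg, sizeof(msg));
}
```

The range check has to come before any use of the looked-up pointer; the NULL test alone does nothing for an index that lands outside the table.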
Talkback
Linux kernel exploit gets patched
You're presumably talking to the distros?
Why? Just allow normal updates surely?
I will be getting this in my next round of automatic updates. Not sure why Lovey wants to over-complicate it. I don't even need to point&click to get this update.
Regards from
Tom :)
Let's just hope then
Actionable proof-of-concept exploit code has been in the wild (known in the black-hat community) for at least 7 months.
ummm
Linux kernel exploit gets patched
Not so fast!
What's worse (much worse) is that *it has been exploited* and vulnerability information has been in the wild for at least half a year:
Two of the files in the tarball have timestamps of 2012-07-14. Of
course, this is no proof, but it does appear that the bug was privately
known since about July 2012. The README says:
"A trimmed down version of an old exploit for the recently published
`sock_diag_handlers[]' vulnerability :("
(http://thread.gmane.org/gmane.comp.security.oss.general/9500)
Go ahead and laud your swiss cheese OS. At the same time kernel.org, linuxfoundation.org and multiple other sites are routinely hacked by script kiddies using readily available vulnerabilities.
Sometimes a bug in one does nothing in another
This issue did not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
CVE-2013-1763 affected all distros on kernel 3.3 and later
I'd give red hat a go if I were you...
I receive not only the updates and patches from them, but tailored emails to alert me to the patches, as well as what they are patching and why tailored to the packages on my systems. I'm also kept up to date regarding the online status of my machines.
The reason they run in the stable branch of Linux is exactly this; Debian are also still on 2.x kernels. "Outdated kernels" shows your misunderstanding. Linux runs in testing and stable. Most distros come from testing branch.
Remember there is no Linux. There is GNU/Linux; the Linux kernel with the GNU userland. You can build it up how you like; there is no current, because there is no Linux OS. Some distros don't even use the Linux kernel, though these are still in testing.
It is also worth noting that there is no evidence of a breach. Indeed user level access is required to exploit it. (It allows a user to obtain administrator privileges if executed successfully) so it's a priority to admins, but it's hardly a Java fiasco.
Home users need not worry so long as their existing security remains intact, remember it would seem to have been patched prior to exploit at this stage. Though of course make sure you've got your updates installing :) As risks go it's a priority, but no need to panic over. As I say, just make sure you're up to date.
redhat and others
So what are those?
To my best knowledge, any vulnerability is checked against different versions. A vendor checks the versions it currently supports. If they are found vulnerable a patch is applied and kernel is updated.
BTW, for every Linux vulnerability a hacker has this pain in the a$$ to verify if he can do it to the particular system out of all those gazillion versions and distros. How would that be for MS Windows?
Suggest a secure system
Depends on price tag
My runtime of choice has always been AIX followed by RHEL but that's just my preference
Opinion
Call Oracle for help!
an exploit that takes a year to fix
Do you call a train crash "a fender bender?"
In all fairness
Whether their Q&A procedures are adequate is another discussion. The Linux kernel alone still experiences many more vulnerabilities than the entire Windows OS alone.
The vulnerability has been known to attackers since July 2012, and could have been used to compromise systems. The vulnerability allows an attacker to execute arbitrary code in *kernel* space. When that happens, it is game over. The vulnerability could only be exploited from a local user. But a local user is only a Firefox, Opera or Java bug away.
Links?
Any links to support this statement? Or it was only known to you. Then, to me it was known since 1991 :)
As far as your "Firefox, Opera or Java", no it's not remote exec code, you gotta find a corresponding vuln. in the mentioned browsers first.
Links
quote:
Two of the files in the tarball have timestamps of 2012-07-14. Of
course, this is no proof, but it does appear that the bug was privately
known since about July 2012. The README says:
"A trimmed down version of an old exploit for the recently published
`sock_diag_handlers[]' vulnerability :("
unquote
This is a discussion on the changeset which fixed the bug.
As for exploitability, consider how Linux is mostly used for servers, as servers Linux is most often used for some kind of PHP or RoR application which are notorious for bugs. Just a single bug in an application allows the attacker to run code at the server, and there are myriads to choose from.
Running at the server this vulnerability is *total pwnage*. Run apparmor, SELinux or whatever, when the bad guys are in kernel mode it is game over.
Good point
AppArmor will be useless against kernel exploits, when both have similar privilege.