
Highly exploitable Linux kernel bug found, patched

David Meyer ZDNet UK | August 17, 2009 8:33 AM PDT

Summary

A hole has been found in Linux kernel versions stretching back eight years that is 'as trivial as it can get to exploit', according to the Google employees who discovered it.

Julien Tinnes and Tavis Ormandy, the security researchers who discovered the vulnerability, have already issued a patch for the flaw. According to a blog post written by Tinnes on Thursday, the hole "affects all 2.4 and 2.6 kernels since 2001 on all architectures", and is "the public vulnerability affecting the greatest number of kernel versions".

While the kernel hole allows only local privilege escalation, the vulnerability is widespread, said the researchers.

"The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don't check for Null pointers before dereferencing operations in the ops structure," Tinnes wrote. "Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of Null pointers."

Tinnes said that, as the vulnerability leads to the kernel executing code at Null, it is "as trivial as it can get to exploit".

"An attacker can just put code in the first page that will get executed with kernel privileges," Tinnes wrote.

In an advisory published on Neohapsis on Thursday, Ormandy wrote that an attacker could exploit the vulnerability by creating a mapping at address zero containing code to be executed with privileges of the kernel, thus triggering a vulnerable operation.

The Red Hat team issued an official mitigation recommendation on Friday, in which they called for the affected protocols to be blacklisted in order to stop Tinnes and Ormandy's publicly circulated exploit from working properly on Red Hat Enterprise Linux.
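The bug class Tinnes describes, an operations table with a NULL slot that the caller dereferences without checking, and the stub-based fix the kernel relies on, shown as an added toy example in C. This is not kernel code and not the researchers' patch; `toy_proto_ops`, `toy_no_sendpage` and the sample tables are constructed stand-ins for the kernel's `proto_ops` and `sock_no_sendpage`.

```c
#include <errno.h>
#include <stddef.h>
/* Toy stand-in for the kernel's struct proto_ops: a per-protocol table of
 * handlers. A protocol lacking an operation must install a stub here,
 * never leave the slot NULL. */
struct toy_proto_ops {
    const char *name;
    int (*sendpage)(const char *page, size_t len);
};
/* Stub modelled on the kernel's sock_no_sendpage: refuses cleanly. */
static int toy_no_sendpage(const char *page, size_t len) {
    (void)page; (void)len;
    return -EOPNOTSUPP;
}
/* A protocol that really implements the operation (pretends all bytes went). */
static int toy_real_sendpage(const char *page, size_t len) {
    (void)page;
    return (int)len;
}
/* The pattern the article describes: trust the table and call through the
 * pointer unchecked. If the slot is NULL this jumps to address zero. */
static int toy_sendpage_unchecked(const struct toy_proto_ops *ops,
                                  const char *page, size_t len) {
    return ops->sendpage(page, len);
}
/* Defensive caller: a missing operation is an error, not a jump. */
static int toy_sendpage_checked(const struct toy_proto_ops *ops,
                                const char *page, size_t len) {
    if (ops == NULL || ops->sendpage == NULL)
        return -EOPNOTSUPP;
    return ops->sendpage(page, len);
}
/* Audit helper: how many tables still have a NULL sendpage slot. This is the
 * initialization invariant the article says the kernel depended on. */
static int toy_count_null_sendpage(const struct toy_proto_ops *t, size_t n) {
    int missing = 0;
    for (size_t i = 0; i < n; i++)
        if (t[i].sendpage == NULL)
            missing++;
    return missing;
}
/* Constructed sample tables: one correct, one stubbed, one left NULL. */
static const struct toy_proto_ops toy_tables[] = {
    { "tcp_like",  toy_real_sendpage },
    { "stubbed",   toy_no_sendpage },
    { "forgotten", NULL },
};
static const size_t toy_table_count = sizeof toy_tables / sizeof toy_tables[0];
```

Calling `toy_sendpage_unchecked` on the "forgotten" table is exactly the crash the article describes; the checked caller and the audit helper are the two places a reviewer would look to catch it.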

This article was originally posted on ZDNet UK.

Talkback (125 comments, most recent shown)

  • Highly exploitable Linux kernel bug found, patched
    BWAHAHAHAHHAHAHAHA! I have been saying for years that Linux is insecure and here we have the proof. How do you Linux fanboys feel now knowing that I was right and you were wrong? LOL!!! And it's been there for years! Don't forget to start your compilers, might want to do it overnight as it's going to be a while. Glad I don't have to worry about such vulnerabilities.
    Loverock Davidson
    17th Aug 2009
  • Ignorance is bliss
    Of course you don't have to worry about vulnerabilities that you don't know about.

    The Linux crowd can worry about them and fix them because they are open for anybody to fix.

    This is proof that the Linux way is safer than Windows.
    rarsa
    17th Aug 2009
  • You must be the most blissful person around then
    This bug has been available for the many eyes to see for 8 years!!! In that time not a single person has noticed this error - well maybe lots did but didn't tell anyone. They could have been using this to exploit systems for years without anyone knowing. It has not proven Linux to be any safer at all!
    planruse
    17th Aug 2009
  • It is
    I don't have to worry about Linux vulnerabilities because I wouldn't trust Linux in any environment. That makes me safer than any Linux user.
    Loverock Davidson
    17th Aug 2009
  • BWAHAHAHAHA
    I feel good as a matter of fact, now that you feel good about it...go play with your other 57,000 Windows vulnerabilities!

    Toodles
    linuxer
    18th Aug 2009
  • Did you miss the "local" part?
    This isn't like the remote code execution vulnerabilities common to Windows.

    You have to already have local access to use this.

    As in, physically be at the computer, or convince somebody who is to run your malicious code.

    And guess what, lol? Even if this wasn't the case, do you actually think that one (fixed) vulnerability makes up for the countless ones in Windows? LOL!!
    AzuMao
    9th Sep 2009
  • LOL! I can't stop laughing
    To think all those people who used Linux were saying how much more secure it was when it's been vulnerable for years upon years, something any of us knew already and why we chose not to run it. Add on to this the whole telnet port being wide open and it's amazing why anyone would voluntarily choose to use this OS.

    This shows that when you have too many people messing with your code you will produce a shoddy product. Too many people are overlapping with the code and this vulnerability is exactly what happens. With Linux it's always compile, compile, compile! What a hassle.
    Loverock Davidson
    17th Aug 2009
  • It is patched now..
    which is good but it does raise some other points. OSS advocates bang on about how anyone can review the code which makes Linux more secure. If no one is helping co-ordinate all these code reviewers then what is stopping all these people from looking at the same code over and over again? This has been there 8 years and no one has either looked, or had the skill to notice, this problem. This is a genuine question - Is the code marked with a last reviewed date as well as who reviewed it?
    planruse
    17th Aug 2009
  • Not acceptable for Windows. So it's not acceptable for Linux.
    It is patched now..

    The vulnerability exploited by Conficker was patched prior to Conficker's release but we still, 10 months later, continue to see ABMers bring it up.
    ye
    17th Aug 2009
  • Agreed
    Agreed that it is unacceptable for both, but also agree that both are patched and that we need to learn from the mistakes made rather than take pot shots or make excuses.
    Michael Kelly
    17th Aug 2009
  • Just pointing out the hypocrisy.
    I think the reason you're seeing "pot shots" is due to the pot shots made by ABMers towards Microsoft.

    Perhaps this incident will show that all software has bugs and some of those bugs will have security implications. Something that's been explained to the ABMers countless times yet they continue to ignore.
    ye
    17th Aug 2009
  • Fixing the flaw
    But the main difference here between Linux and proprietary OSs is the people who found the hole could also submit a patch for it. They didn't have to wait for some third party to get around to updating.
    chromeronin
    17th Aug 2009
  • Yep
    It's nice to be able to afford nice things. Why, I may even pay for two licenses of 7 and just let one sit on the shelf unopened for no better reason than just to have said that I did it.

    "The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
    gnesterenko
    17th Aug 2009
  • @gnesterenko: Be more efficient ...
    ... pay people to go around installing malware, disrupting standards and upgrading people's machines from a relatively stable version of Windows to a newer, less stable one.

    Direct action, that's the key wink
    fr0thy2
    17th Aug 2009
  • Is it really patched?
    I know the patch is there, but does Linux have a patch Tuesday? How are all of your netbook users (3% of them) going to update their systems? How are they notified? This is why Linux should never be used for a desktop OS. It takes a sysadmin who stays on top of these things to keep them running. A regular user cannot perform proper maintenance on a Linux box.
    MadWhiteHatter
    10th Sep 2009
