
Word up to Linux fan boys: Multiple Linux flaws show that Linux also has kernel issues

Not to defend Microsoft, as kernel exploits that provide privileged access are terrible flaws, but we had an interesting discussion in the talkbacks where several people acted as if Microsoft was the only place that could've made such mistakes.  Well, the proof is in the pudding that this is a common flaw across operating systems that is difficult to catch due to the complexities of kernel code.
Written by Nathan McFeters, Contributor


Dann Frazier of Debian posted to Full Disclosure today about four vulnerabilities that allow local attacks against the kernel resulting in arbitrary code execution or Denial of Service conditions. (Local means you can't do it over the Internet unless you've already remotely compromised a user account in some way; the same applied to the Windows flaw I spoke of, where there were questions about what exactly local meant. It does not mean you have to sit at the box physically.) The contents of his email are posted below:

CVE Id(s): CVE-2007-6694 CVE-2008-0007 CVE-2008-1294 CVE-2008-1375

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6694

Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS).

CVE-2008-0007

Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.

CVE-2008-1294

David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0.

CVE-2008-1375

Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch3.

The unstable (sid) and testing distributions will be fixed soon.

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

Some of these look to be pretty serious bugs. The two newest do not have SecurityFocus entries yet, but as far as I'm aware there currently exists no public exploit code for this, which is a good thing. It's also important to note, though it should be obvious, that this doesn't just affect Debian; it's simply that the advisory came from Debian's folks today. So make sure you're fixing your system up, whatever *Nix flavor you like.

-Nate
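Added example (not part of the post or the Debian advisory): a small audit helper that checks the package versions the advisory names against the etch fix version 2.6.18.dfsg.1-18etch3, using a pure-Python port of dpkg's version ordering so it runs on any host. The inventory dict is constructed sample data; on a real Debian system `dpkg --compare-versions` is the authoritative check.

```python
import re
from itertools import zip_longest

FIXED_ETCH_VERSION = "2.6.18.dfsg.1-18etch3"   # fixed version named in the advisory
ADVISORY_PACKAGES = ("linux-2.6", "fai-kernels", "user-mode-linux")

def _order(c):
    """dpkg character weight: '~' < end-of-string < letters < other non-digits."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare one fragment (upstream or revision) the way dpkg's verrevcmp does:
    alternating non-digit runs (char by char via _order) and numeric digit runs."""
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                        fillvalue=("", ""))
    for (na, da), (nb, db) in pairs:
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(da or 0) != int(db or 0):      # numeric, so 18etch10 > 18etch3
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 like `dpkg --compare-versions`: epoch, upstream, revision."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    for d in ((ea > eb) - (ea < eb), _cmp_fragment(ua, ub), _cmp_fragment(ra, rb)):
        if d:
            return d
    return 0

def audit(installed, fixed=FIXED_ETCH_VERSION):
    """True for each advisory package whose installed version is at or above fixed."""
    return {p: compare_versions(installed[p], fixed) >= 0
            for p in ADVISORY_PACKAGES if p in installed}

# Constructed sample inventory (not real package data): one patched, two stale.
SAMPLE_INVENTORY = {"linux-2.6": "2.6.18.dfsg.1-18etch3",
                    "fai-kernels": "2.6.18.dfsg.1-18etch2",
                    "user-mode-linux": "2.6.18.dfsg.1-17"}
```

Feed `audit()` the output of `dpkg-query -W -f='${Package} ${Version}\n'` parsed into a dict and any False entry is a package still at a vulnerable version.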
