Six-year old Linux bug Eventually Fixed

Six-year old Linux bug Eventually Fixed

Linux News

SUSE Linux News

RELATED NEWS

Indian Army's munitions disposal to take three months

7/7 London suicide bomber's widow remarries secretly

Myanmar grants visa to Suu Kyi's son

British kids learn how to hack off thieves' hands

Winslet ditches new boyfriend as she 'wants her own space'

Nuclear-powered 'space hopper' to leap across Mars

Elderly can blame low sodium for fractures and falls

Clairvoyance or hope? Youth predicts end to Kashmir sufferings

Federer, Nadal lift 2010 ATP awards

Assam hosts career fair for 'disabled'

By Partho, Gaea News Network
Friday, August 20, 2010

After six-years of unsuccessful fixing Linux kernel org finally devised a patch for critical privilege escalating bug. This hole could be exploited by hackers to execute code at the root from any GUI application. The flaw was reported on 17 June, and was addressed in two months. But, according to the security blog The H, SUSE Engineers claim that it was reported and patched in for SUSE in September, 2004. Interestingly, the patch was never updated for the kernel.

The critical bug went unnoticed until Rafal Wojtczuk, a Invisible Things Lab (ITL) researcher while working on an open source desktop virtualization tool found it. Moreover, the fix that was devised by Linux Travolds on 13 August was buggy itself. There were more fixes for it.

The kernel group reportedly extended their deadline for disclosure about the hole. According to the kernel org the bug was addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel. Now its upon the distro makers to push the fix into the sites.

Few days later the patches were safely introduced in the new kernel release.
The details of the attack using the hole was written by Joanna Rutkowska

The attack allows a (unpriviliged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn’t take advantage of any bug in the X server!). In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system. The attack allows even to escape from the SELinux’s “sandbox -X” jail. To make it worse, the attack has been possible for at least several years, most likely since the introduction of kernel 2.6.

To exploit the bug attackers might

Target a system containing this specific vunerability- most of the server configurations do not run the user-accessible X.

Attackers might also find another vulnerability on that system, which is exploitable, like via PDF file
Transmit that file to the target user
Get users to view it on the target system

There is a debate about the seriousness of the hole among the experts. this was rated on high priority by Red Hat and kernel developer Greg Kroah-Hartman.
A bug is bug afterall, the Microsoft men are repeatedly accused if it takes them too long to fix a bug, so there can be any support to cover up Linux’s goof up.

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News