Security group warns of hole in Linux kernel

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2004/0105securgroup.html

By Paul Roberts
IDG News Service
01/05/04

Computer security researchers are again warning about a critical 
vulnerability in the Linux kernel that could be used by malicious 
hackers to take control of systems using the popular open source 
operating system. 

ISEC Security Research said Monday that it found a critical 
vulnerability in code that is used to manage virtual memory on Linux 
systems. The vulnerability affects versions of the Linux kernel up to 
and including version 2.6 and would give low-level Linux users total 
control over a Linux system. 

ISEC, a noncommercial security research group based in Poland, 
discovered the problem in kernel code for a component called "mremap," 
according to a message posted by Paul Starzetz, an iSEC member. 

The kernel is the core of the Linux operating system and provides 
basic services for all other parts of the operating system such as 
allocating processor time for the programs running on the computer and 
managing the system's memory or storage. 

Mremap provides functionality for managing virtual memory and is used 
continuously by programs that have exhausted their allocation of 
memory, or that have been allocated memory in excess of what they 
need, according to Dave Wreski, chief executive officer of secure 
Linux vendor Guardian Digital. 

Attackers could use the vulnerability to create an invalid virtual 
memory area (VMA), which could destabilize the Linux operating system 
or allow a malicious user to run attack code on the system. Attackers 
would need local user access to the vulnerable machine, but would not 
need any special privileges on the Linux system to exploit the hole, 
iSEC said. 

Researchers at iSEC said they have developed test code to exploit the 
mremap vulnerability.

However, taking advantage of the hole will be more difficult for 
outsiders, who will need to get user access to the machine they want 
to compromise and then work backwards from the Linux kernel patches to 
spot the flaw and write code to exploit it, Wreski said. 

The warning follows news in December of another critical flaw in 
version 2.4 of the Linux kernel. Malicious hackers used that 
vulnerability to attack servers belonging to The Debian Project, which 
produces the noncommercial Debian Linux distribution. 

Critical Linux kernel vulnerabilities are rare and the disclosure of 
two such holes within weeks of each other is unprecedented, Wreski 
said. 

The increase in the number of critical flaws may be the result of more 
groups scrutinizing the security of the Linux source code, he said. 

ISEC did a good job of coordinating with Linux vendors, working with 
them for a month prior to publishing information on the mremap 
vulnerability, Wreski said. 

Guardian Digital and Red Hat released updated kernel packages on 
Monday to fix the mremap security hole. ISEC encouraged Linux users to 
fix vulnerable systems as soon as software patches became available 
from their vendor. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.