Multiple Linux flaws show that Linux also has kernel issues

Sat, 03 May 2008 16:45:45 -0000

Highlights and Sticky Notes:

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced
Security Center in Chicago. The views and opinions expressed in this article are
his own and do not represent the views and opinions of Ernst & Young Advanced
Security Center or Ernst & Young, LLP. Nathan has performed web application,
deep source code, Internet, Intranet, wireless, dial-up, and social engineering
engagements for numerous clients in the Fortune 500 during his career at Ernst &
Young and has spoken at a number of prestigious conferences, including Black
Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and
XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his
industry affiliations.

Some of these look to be pretty serious bugs. The two newest do not have
security focus entries yet, but as far as I’m aware there currently exists no
public exploit code for this, which is a good thing. It’s also important to
note, but this should be obvious, this doesn’t just affect Debian, it’s simply
that the advisory came from Debian’s folks today… so make sure you’re fixing
your system up, whatever *Nix flavor you like.

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch3.
The unstable (sid) and testing distributions will be fixed soon.
We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux
packages.

Alexander Viro discovered a race condition in the directory notification
subsystem that allows local users to cause a Denial of Service (oops) and
possibly result in an escalation of privileges.

David Peer discovered that users could escape administrator imposed cpu time
limitations (RLIMIT_CPU) by setting a limit of 0.
CVE-2008-1375

CVE-2008-0007
Nick Piggin of SuSE discovered a number of issues in subsystems which register
a fault handler for memory mapped areas. This issue can be exploited by local
users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.
CVE-2008-1294

CVE-2007-6694
Cyrill Gorcunov reported a NULL pointer dereference in code specific to the
CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial
of Service (DoS).

Dann Frazier of Debian posted to Full Disclosure today about four
vulnerabilities that allow local (this means you can’t do it over the Internet,
unless you’ve already compromised a user account in some way remotely, the same
applied to the Windows flaw that I spoke of, but there were questions around
what exactly local meant, it does not mean you have to sit at the box
physically) attacks against the kernel that result in arbitrary code execution
or Denial of Service conditions. The contents of his email are posted below:

Not to defend Microsoft, as kernel exploits that provide privileged access are
terrible flaws, but we had an interesting discussion in the talkbacks where
several people acted as if Microsoft was the only place that could’ve made such
mistakes. Well, the proof is in the pudding that this is a common flaw across
operating systems that is difficult to catch due to the complexities of kernel
code.

Tags: Nathan McFeters kernel Linux Debian

Posted by: moshler

Moshler's Favorite Links on Debian from Diigo

Multiple Linux flaws show that Linux also has kernel issues