Multiple Flaws Identified in Linux Kernel 2.6
A number of flaws have been found in the Linux kernel that local attackers could exploit to evade security controls and gain elevated privileges.
The issues were discovered by researcher Wojciech Purczynski of iSEC Security Research and another researcher who uses the online name Qaaz. The duo found the vulnerabilities on February 9, 2008 and posted them on Milw0rm.com along with two exploit codes labeled "Linux kernel 2.6.23 - 2.6.24 vmsplice Local Root Exploit" and "Linux kernel 2.6.17 - 184.108.40.206 vmsplice Local Root Exploit", according to news published by SCMagazine on February 12, 2008.
According to security experts, the flaws cannot be exploited remotely and they do not affect Windows systems. However, there are two reasons for IT administrators to be concerned about the vulnerabilities in Linux Kernel version 2.6. First, the exploit code could be adapted to launch attacks on Linux-based environments, and second, a malicious insider could exploit the vulnerabilities to expose a company's sensitive data.
However, researchers said that the Linux vulnerabilities, or "system call flaws", which received a "moderate risk" label from the French security response team FrSIRT and "less critical" from Secunia, the Danish vulnerability clearinghouse, appear to have been sorted out in later versions of Linux Kernel 2.6.
According to Debian Security Advisory DSA-1494-1, the underlying problem is improper verification of parameters in the "get_iovec_page_array()", "vmsplice_to_user()" and "copy_from_user_mmap_sem()" functions before they are used for certain memory operations. Local attackers could exploit this to read and write arbitrary kernel memory using a specially crafted "vmsplice()" system call, and thereby obtain root privileges on the system.
According to Secunia, the vulnerabilities first appeared in Linux Kernel 2.6.17.
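The kind of parameter verification the advisory says was missing can be shown with a simplified userspace model, added here as an illustration and not taken from the kernel source or the advisory. The names `USER_LIMIT`, `model_iovec`, `range_ok` and `validate_iovecs` are hypothetical, and the 3 GiB user/kernel boundary is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed top of the user address range (hypothetical 3 GiB split). */
#define USER_LIMIT ((uint64_t)0xC0000000u)

/* Userspace stand-in for an I/O vector entry; addresses are plain integers. */
struct model_iovec {
    uint64_t base;
    uint64_t len;
};

/* Returns 1 only if [base, base+len) lies wholly below USER_LIMIT.
 * Written as a subtraction so that base+len can never wrap around. */
static int range_ok(uint64_t base, uint64_t len)
{
    if (len > USER_LIMIT)
        return 0;
    return base <= USER_LIMIT - len;
}

/* Check every entry before any of them is used for a memory operation.
 * Returns 0 if all pass, or -1 and stores the first failing index. */
static int validate_iovecs(const struct model_iovec *iov, size_t n, size_t *bad_idx)
{
    for (size_t i = 0; i < n; i++) {
        if (!range_ok(iov[i].base, iov[i].len)) {
            if (bad_idx)
                *bad_idx = i;
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input: one ordinary buffer, one kernel-range address. */
    struct model_iovec iov[] = {
        { 0x08048000u, 4096 },
        { 0xC0100000u, 4096 },
    };
    size_t bad = 0;
    int rc = validate_iovecs(iov, 2, &bad);
    printf("rc=%d first rejected entry=%zu\n", rc, bad);
    return 0;
}
```
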
Mari Kirby Nichols, who handles the SANS Internet Storm Center based in Bethesda, Maryland, said that the problems are potentially severe, although they have been rated as low threats by firms like Secunia. SearchSecurity published Nichols' statement on February 11, 2008.
According to FrSIRT, malicious local users could exploit the kernel flaws to cause Denial-of-Service (DoS) conditions or to expose sensitive data. It therefore recommends that Linux users upgrade to Kernel versions 220.127.116.11 and 18.104.22.168, which are not flawed.
» SPAMfighter News - 19-02-2008