Announcement

Collapse
No announcement yet.

Linux kernel security hole allows root access

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Linux kernel security hole allows root access

    A security hole in Linux kernels prior to 2.6.32 was announced today.

    It involves the mmap_min_addr system file found at

    /proc/sys/vm/mmap_min_addr

    Its default value is 0, which gives rise to the hole. You can set the value to something much larger, like 65536, and that will block the hole.

    Here is how. Open a Konsole. Enter

    sudo su

    then, as root, issue

    echo 65536 > /proc/sys/vm/mmap_min_addr

    Close Konsole.

    While this fixes the hole it also can cause problems with some VM services like WINE. Also, you'll have to repeat it with each boot up unless you add it to /etc/profile or some other script that runs during boot up.


    I expect that a fixed kernel will be appearing in the repository before the bad guys have a chance to exploit it. If you don't do this fix then be sure that when you test your firewall at grc.com's "Shields Up!" web site that all 1024 port give you solid greens. That means that you are essentially invisible to hackers on the web trying to test your ports for weaknesses. If you don't respond they can only infer your presence from upstream server behaviors, and most aren't good enough to do that, or want to take the time.

    Personally, I've got a great firewall so I am not going to worry about it.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Re: Linux kernel security hole allows root access

    One of the articles I read says that *buntu had this set to something other than 0 already, and there were only a few other distro that had this still set at the unsafe value, I think Red Hat was mentioned by name on this account.

    I just checked the setting on mine, and it was already a large number starting with 6, which confirms at least part of what I'd read.

    Comment


      #3
      Re: Linux kernel security hole allows root access

      You mean to say that this vulnerability only works if you don't have a firewall? Sheesh! If that's the case then the reports I've seen in the press are written by incompetents.

      Comment


        #4
        Re: Linux kernel security hole allows root access

        With no prior intervention ...

        dibl@karmic:~$ cat /proc/sys/vm/mmap_min_addr
        65536

        I don't care about wine -- I don't use it. I guess that makes me ..... HAPPY!

        Comment


          #5
          Re: Linux kernel security hole allows root access

          I just checked and my file says 65536 as well. I'm doubting the credibility of the original report.

          Comment


            #6
            Re: Linux kernel security hole allows root access

            I just tried it on a netbook, running sidux kernel 2.6.31. It gave 4096.

            Comment


              #7
              Re: Linux kernel security hole allows root access

              65536

              2.6.24-25-generic

              An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

              Comment


                #8
                Re: Linux kernel security hole allows root access

                And a machine running LinuxMint-7 last updated Apr17 also says 65536. Does anybody have a 0?

                Actually waitaminit, I just found one: Kubuntu 9.04 with 2.6.28-16-generic kernel (Oct-20). So it can happen.

                Comment


                  #9
                  Re: Linux kernel security hole allows root access

                  I am not certain what falls into the category vm, but I use both Wine and VirtualBox. I tested three systems.

                  $ uname -a && cat /proc/sys/vm/mmap_min_addr
                  Linux Alia 2.6.24-25-generic #1 SMP Tue Oct 20 07:31:10 UTC 2009 i686 GNU/Linux
                  65536

                  $ uname -a && cat /proc/sys/vm/mmap_min_addr
                  Linux vKarmic 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux
                  65536

                  $ uname -a && cat /proc/sys/vm/mmap_min_addr
                  Linux owner-desktop 2.6.28-16-generic #55-Ubuntu SMP Tue Oct 20 19:48:32 UTC 2009 x86_64 GNU/Linux
                  65536

                  Looks like I'm safe
                  Welcome newbies!
                  Verify the ISO
                  Kubuntu's documentation

                  Comment


                    #10
                    Re: Linux kernel security hole allows root access

                    On my Jaunty - 2.6.28-16-generic:
                    Code:
                    cat /proc/sys/vm/mmap_min_addr
                    65536
                    Windows no longer obstructs my view.
                    Using Kubuntu Linux since March 23, 2007.
                    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                    Comment


                      #11
                      Re: Linux kernel security hole allows root access

                      Originally posted by Ole Juul
                      You mean to say that this vulnerability only works if you don't have a firewall? Sheesh! If that's the case then the reports I've seen in the press are written by incompetents.
                      Haven't really digged into this, but AFAIK a null-point dereference kernel vulnerability can only be used to elevate privileges (user>root), so to exploit it one needs shell access to the system (ability to log into the system as a user)...so firewall is usually not essential in preventing these kinds of exploits.

                      Comment


                        #12
                        Re: Linux kernel security hole allows root access

                        @everybody who is getting 65536 as a value: I hate to rain on your parade, BUT:that number happens to be 2^16. i.e the first two bytes of the word are all 0 bits. This may be enough to allow the exploit. Without knowing how to read or write (as one of my former bosses used to say before he won the Nobel Prize), I just changed mine to 65535.

                        Comment


                          #13
                          Re: Linux kernel security hole allows root access

                          Originally posted by kubicle
                          Originally posted by Ole Juul
                          You mean to say that this vulnerability only works if you don't have a firewall? Sheesh! If that's the case then the reports I've seen in the press are written by incompetents.
                          Haven't really digged into this, but AFAIK a null-point dereference kernel vulnerability can only be used to elevate privileges (user>root), so to exploit it one needs shell access to the system (ability to log into the system as a user)...so firewall is usually not essential in preventing these kinds of exploits.
                          I certainly have little understanding of these things. What gets me is that vulnerabilities are sometimes reported that require some complex and very specific (even rare) conditions in order to function. In other words they are academic but reported as otherwise. This looks like it could be one of those.

                          askrieger: @everybody who is getting 65536 as a value: I hate to rain on your parade, BUT: that number happens to be 2^16. i.e the first two bytes of the word are all 0 bits. This may be enough to allow the exploit. Without knowing how to read or write (as one of my former bosses used to say before he won the Nobel Prize), I just changed mine to 65535.
                          Interesting. 65535 is also what is recommended in this report:
                          http://www.h-online.com/open/news/it...ss-850016.html

                          Comment


                            #14
                            Re: Linux kernel security hole allows root access

                            Originally posted by Ole Juul
                            What gets me is that vulnerabilities are sometimes reported that require some complex and very specific (even rare) conditions in order to function. In other words they are academic but reported as otherwise. This looks like it could be one of those.
                            I wouldn't call it purely academic, as it might cause issues in some multiuser environments...although I agree that it's not something most desktop users should be overly concerned about.

                            Media has a habit of "making headlines", of course. The basis of system security isn't that a system is infallible (no human-created system is), but that vulnerabilities are fixed in a timely fashion (in relation to how critical and wide a vulnerability is)

                            Incidentally, I'm already on lucid with 2.6.32 kernel, which should be unaffected.

                            Comment


                              #15
                              Re: Linux kernel security hole allows root access

                              Originally posted by kubicle
                              Originally posted by Ole Juul
                              You mean to say that this vulnerability only works if you don't have a firewall? Sheesh! If that's the case then the reports I've seen in the press are written by incompetents.
                              Haven't really digged into this, but AFAIK a null-point dereference kernel vulnerability can only be used to elevate privileges (user>root), so to exploit it one needs shell access to the system (ability to log into the system as a user)...so firewall is usually not essential in preventing these kinds of exploits.
                              If a bad guy is going to hack into your Kubuntu box it will, more than likely, be as the user, since remote access to root is not allowed and root has no password. After gaining access to the user account this exploit can be used to elevate priviledges. A good firewall will prevent a bad guy from hacking in.

                              Regardless, I suspect this hole will be patched before bad guys can exploit it to any useful extent. After all, it took them EIGHT MONTHS to capture only 700 poorly administered Linux boxes. That's a lot of work for such a small reward. 700 Linux zombies, as good as Linux is, cannot match the output of 1,300,000 Windows zombies.
                              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                              – John F. Kennedy, February 26, 1962.

                              Comment

                              Working...
                              X