Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Ya gotta wonder...

Story: Linux exploit gets around security barrier

Total Replies: 9

Author	Content
helios Jul 21, 2009 4:44 PM EDT	This story is written as if the exploit is unchecked and a critical threat...yet the first comment...the only comment states: This has already been fixed in kernel 2.6.30.2 For instance see the change log at http://www.kernel.org... search for commit 76f578b630347be522b6df7917013fd0712612e5 Author: Eugene Teo Date: Wed Jul 15 14:59:10 2009 +0800 Posted by sean lynch on Wednesday, July 22 2009 03:05 AM Is anyone going to tell me that the person aware of the exploit didn't know about the fix? I am more prone to bet that the author or who ever paid the author wanted the search engines to pick this up and run with it. Looks like it worked...both LXer and LT picked it up. That would be my guess. The desired result is multitudes of people running around in circles with their arms flailing wildly in the air and screaming: "LINUX VIRUS - LINUX VIRUS" And if you are still running the .18 Kernel, then that's gonna be a lick on ya. h
softwarejanitor Jul 21, 2009 5:04 PM EDT	@helios Is this even a remote exploitable vulnerability? And if it is, is it a practical one with actual exploits in the wild or is it more theoretical at this point? If it isn't, then it does look like they are trying to make this sound worse than it really is. Not to say people shouldn't upgrade their kernels ASAP of course.
Sander_Marechal Jul 21, 2009 5:09 PM EDT	I think that this is the Red Hat exploit posted yesterday. If so, it is a valid exploit but it only affects the last two Red Hat releases and IIRC has a patch available.
moopst Jul 21, 2009 5:10 PM EDT	Quoting:"The compiler will introduce the vulnerability to the binary code, which didn't exist in the source code," wrote Zdrnja. "This will cause the kernel to try to read/write data from 0x00000000, which the attacker can map to userland--and this finally pwns the box." Sounds like you need an account on the machine and you need gcc on the machine. Don't most admins remove gcc from a web facing server?
jdixon Jul 21, 2009 5:10 PM EDT	> Is this even a remote exploitable vulnerability? As I understand it, no. It's strictly a privilege escalation vulnerability. But yes, there is an exploit out. The only folks who have to be concerned, AFAIK, are RHEL users. I'm sure Red Hat has a backport fix in the works as we speak.
number6x Jul 21, 2009 5:27 PM EDT	I'm the guy who put the first comment out there I'm using one of the kernels affected and saw the update come through yesterday. I figured it would be a good thing to post to keep the discussion realistic. Problem found Problem solved No Problem BTW I'm running Ubuntu 9.04, but using kernel 26.30.2 The patches were made to the Linux kernel by a RH employee, so I would assume RH was ready with the patch before anyone else. The Ubuntu version was available yesterday evening. http://kernel.ubuntu.com/~kernel-ppa/mainline/v2.6.30.2/ (This is not the standard ubuntu release kernel) I'm using it to get around the intel driver regression problem in 9.04
caitlyn Jul 21, 2009 5:34 PM EDT	@helios: Red Hat sticks with the same kernel version through the life of an enterprise product. However, they heavily backport patches and additional hardware support. The 2.6.18 kernel they use is really a Frankenkernel that they support and, at last count, had been patched and rebuilt over 160 times since the release of RHEL 5. Thankfully Red Hat has the quality and quantity of kernel engineers to maintain it. So... users of CentOS and RHELL really don't have more to worry about because of the old kernel version.
tracyanne Jul 21, 2009 5:46 PM EDT	Quoting:I'm using it to get around the intel driver regression problem in 9.04 That could explain why the RealTek ra2680 card won't work properly on the MSI netbook I have, when I install Ubuntu, but it doesn't explain why exactly the same problem occurs with Mandriva 2009.1 on the same machine. Installing EEEEBuntu fixes the wireless problem, but introduces a suspend/Hibernate problem..... it won't. The only way I've found that ensures that wireless and suspend/hibernate work is to install Karmic Koala Alpha 2. I've yet to try Mandriva 2010.0 alpha, or any other distro.
helios Jul 21, 2009 6:22 PM EDT	figured it would be a good thing to post to keep the discussion realistic. Thank you...there will be enough circle-running, arm-flailing and screaming the way it is.
helios Jul 21, 2009 6:23 PM EDT	@ Caitlyn So... users of CentOS and RHELL really don't have more to worry about because of the old kernel version. That's good information to know...and of course for the reasons stated above it. Kind of puts the damper on any hysteria that would normally ensue. Oh and trust me...I know hysteria. Now I am going to apply that patch so my Intel 945 chipset might run Penumbra

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!