From: InfoSec News (isnc4i.org)
Date: Tue Jan 06 2004 - 04:38:40 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.nwfusion.com/news/2004/0105securgroup.html

By Paul Roberts
IDG News Service
01/05/04

Computer security researchers are again warning about a critical
vulnerability in the Linux kernel that could be used by malicious
hackers to take control of systems using the popular open source
operating system.

ISEC Security Research said Monday that it found a critical
vulnerability in code that is used to manage virtual memory on Linux
systems. The vulnerability affects versions of the Linux kernel up to
and including version 2.6 and would give low-level Linux users total
control over a Linux system.

ISEC, a noncommercial security research group based in Poland,
discovered the problem in kernel code for a component called "mremap,"
according to a message posted by Paul Starzetz, an iSEC member.

The kernel is the core of the Linux operating system and provides
basic services for all other parts of the operating system such as
allocating processor time for the programs running on the computer and
managing the system's memory or storage.

Mremap provides functionality for managing virtual memory and is used
continuously by programs that have exhausted their allocation of
memory, or that have been allocated memory in excess of what they
need, according to Dave Wreski, chief executive officer of secure
Linux vendor Guardian Digital.

Attackers could use the vulnerability to create an invalid virtual
memory area (VMA), which could destabilize the Linux operating system
or allow a malicious user to run attack code on the system. Attackers
would need local user access to the vulnerable machine, but would not
need any special privileges on the Linux system to exploit the hole,
iSEC said.

Researchers at iSEC said they have developed test code to exploit the
mremap vulnerability.

However, taking advantage of the hole will be more difficult for
outsiders, who will need to get user access to the machine they want
to compromise and then work backwards from the Linux kernel patches to
spot the flaw and write code to exploit it, Wreski said.

The warning follows news in December of another critical flaw in
version 2.4 of the Linux kernel. Malicious hackers used that
vulnerability to attack servers belonging to The Debian Project, which
produces the noncommercial Debian Linux distribution.

Critical Linux kernel vulnerabilities are rare and the disclosure of
two such holes within weeks of each other is unprecedented, Wreski
said.

The increase in the number of critical flaws may be the result of more
groups scrutinizing the security of the Linux source code, he said.

ISEC did a good job of coordinating with Linux vendors, working with
them for a month prior to publishing information on the mremap
vulnerability, Wreski said.

Guardian Digital and Red Hat released updated kernel packages on
Monday to fix the mremap security hole. ISEC encouraged Linux users to
fix vulnerable systems as soon as software patches became available
from their vendor.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]