[security-announce] New Linux kernel privilege escalation - heads up notice

From: Marcus Meissner (meissnersuse.de)
Date: Wed Nov 04 2009 - 10:16:09 CST


Hi,

A bug in the Linux kernel's "pipe" system call implementation was found which
can be used by local attackers to gain root privileges.

CVE-2009-3547
http://www.openwall.com/lists/oss-security/2009/11/03/1

This problem affects all our currently maintained Linux products.

- SUSE Linux Enterprise Server 9 / Open Enterprise Server 1

  Are affected. Updates are being prepared and will be released next week.
  There is unfortunately no workaround possible.

- SUSE Linux Enterprise Server / Desktop 10 SP2,
  Open Enterprise Server 2 SP1

  Are affected. Updates are being QA'ed and will be released at the beginning
  of next week.
  There is unfortunately no workaround possible.

- SUSE Linux Enterprise Server / Desktop 10 SP3

  Are affected. Updates are being QA'ed and will be released at the beginning
  of next week.

  A workaround is possible by enabling the MMAP null page exploit protection
  by enabling the "mmap_min_addr" protection in this kernel, by doing (as root):
          echo -n 65536 > /proc/sys/vm/mmap_min_addr

  To keep this persistent over the next boot, you can also add it to
  /etc/sysctl.conf:
          vm.mmap_min_addr = 65536

  (We did not enable this by default to avoid breaking legacy software.)

- SUSE Linux Enterprise Server / Desktop 11
  openSUSE 11.0
  openSUSE 11.1

  Are affected by this problem, but the exploit can not be used to execute code,
  just to cause a crash / "Oops".

  The kernel is using the MMAP null page exploit protection by default and so
  the exploit is not effective (will just lead to an Oops).

  You can verify the protection to be enabled by doing:
          cat /proc/sys/vm/mmap_min_addr

  A value larger than 0 means "enabled".

  Updates that fix this issue will be published, but not in the same hurry as for
  the older product lines.

The delay of several days in getting kernel updates out is due to kernel
QA taking around 4 days, as it includes a number of regression, burn-in
and partner tests and careful evaluation of the generated results.

Ciao, Marcus


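The verification step and the workaround from the advisory above, combined into one check that also catches a runtime setting that was never made persistent. This is an added example, not part of the original message; the function names and status words are hypothetical, and only /etc/sysctl.conf is consulted because that is the file the advisory names.

```shell
#!/bin/sh
# Added example: audit the mmap_min_addr workaround described in the advisory.
# Both paths are parameters so the check can be run against copies of the
# files; the defaults are the locations the advisory names.

# Print the last uncommented vm.mmap_min_addr value in a sysctl.conf-style
# file, or nothing if the file is unreadable or has no such line.
persistent_mmap_min_addr() {
    conf=$1
    [ -r "$conf" ] || return 0
    sed -n 's/^[[:space:]]*vm\.mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1
}

# check_mmap_min_addr [PROC_FILE] [SYSCTL_CONF]
# Prints one status word and returns:
#   0 protected       runtime value > 0 and a persisted value > 0
#   1 not-persistent  runtime value > 0, but the setting is lost at reboot
#   2 unprotected     runtime value is 0 (null page can be mapped)
#   3 unknown         tunable missing or unreadable on this kernel
check_mmap_min_addr() {
    proc_file=${1:-/proc/sys/vm/mmap_min_addr}
    conf=${2:-/etc/sysctl.conf}
    if [ ! -r "$proc_file" ]; then echo unknown; return 3; fi
    runtime=$(tr -d '[:space:]' < "$proc_file")
    case $runtime in
        ''|*[!0-9]*) echo unknown; return 3 ;;
    esac
    if [ "$runtime" -eq 0 ]; then echo unprotected; return 2; fi
    persisted=$(persistent_mmap_min_addr "$conf")
    if [ -z "$persisted" ] || [ "$persisted" -eq 0 ]; then
        echo not-persistent; return 1
    fi
    echo protected; return 0
}
```

Source the file and call `check_mmap_min_addr` with no arguments to audit the running system; the exit status makes it usable from a monitoring job.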