Fault found at Linux core

Critical vulnerability allows full root access

Mark Street

Linux users have been advised to upgrade to the latest stable kernel, after the discovery of a critical vulnerability in the core code.

System administrators will have to oversee kernel upgrades to remove the flaw, provisionally called CAN-2003-0961, which enables attackers to gain root access to vulnerable machines, yielding complete control, according to security analysts.

Advertisement

But worm attacks are unlikely, as the exploit requires a local user account.

Because the flaw is in the Linux kernel, the problem affects virtually every distribution of the operating system and several vendors have already confirmed that their products are vulnerable.

The vulnerability is in all releases of the kernel from version 2.4.0 to 2.5.69, but has been fixed in 2.4.23 and the 2.6.0 beta.

The Debian Project development team identified the flaw after their servers were compromised last month.

In its advisory note Debian said that the exploit used an integer overflow in the brk system call and that it was possible for an attacker to trick the kernel into giving access to the full kernel address space.

The weakness would allow any local user to escalate their privileges to root, and perform any task they chose on the system, the advisory note said.

Red Hat and the Debian Project have both released notices warning customers of the issue and providing information about fixes.

A raft of Linux-based products from other vendors, including MandrakeSoft, SuSE Linux and SCO, are also vulnerable unless patched.

Experts at security specialist Symantec explained that the flaw was the result of a simple programming error, and that remote attacks from outside the firewall were not possible.

"However this flaw allows kernel-level permission to run exploit code, so it is very powerful," said Kevin Hogan, manager of Symantec's Security Response team.

According to Symantec's analysis, the exploit that the attacker used to compromise the Debian servers is not publicly available, but is apparently circulating in the hacker underground.

Alain Dang Van Mien, of analyst firm Gartner, said the vulnerability showed that good patch management procedures are essential for all operating systems.

"There is always a lot of coverage around flaws in the Microsoft environment, and we forget that Linux can be affected by the same kinds of vulnerabilities," he commented.

In its October Global Internet Security Threat report, Symantec said: "Linux systems may well be the target of future attacks. Malicious-code writers are developing a greater sophistication in programming and more familiarity with the Linux operating system and its applications."

In 1998 Symantec observed the first example of a successful Linux worm, the Linux.ADM.Worm, which exploited a widely known vulnerability and compromised many systems.

However, after this outbreak, there were few successful malicious-code attacks on Linux. This period of inactivity ended with the emergence of the CAN-2002-0656 worm, also known as Linux Slapper, in September 2002.

Get the latest news, views and technology updates in a weekly round up of the Penguin's unstoppable march by signing up to vnunet.com's FREE Linux newsletter here.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

Related whitepapers

Related jobs

Most watched

Motorola logo

Motorola demos femtocell hardware

Device combines femtocell, SIP softphone and digital photoframe

HTC Hero

Video: HTC Hero launch

Handset maker unveils its latest Android-based smartphone

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

Overheating iPhones: Sorry I'll have to call you back, I'm in a heat wave

The heat wave may have broken in the UK, but...

Oracle

Oracle set to cut 1,000 staff in Europe

Firm sheds six per cent of European workforce to improve...

Cooling towers

Recession fuels growth in green IT initiatives

Green IT and cost-effective IT no longer mutually exclusive, says...

NXP showcases the future of silicon

We need to move "from living faster to living better",...

Primary Navigation