Researcher releases exploit codes for Linux kernel 2.6 flaws

By

A researcher has released exploit codes for newly discovered Linux kernel 2.6 flaws which could permit attackers to gain root-system privileges they can use to steal data or mount denials of service on Linux-based systems.


Calling himself “qaaz,” the researcher on Saturday posted on the MilwOrm.com site two exploits labeled “Linux kernel 2.6.17 – 2.6.24.1 vmsplice Local Root Exploit” and "Linux kernel 2.6.23 – 2.6.24 vmsplice Local Root Exploit.”

However, the Linux flaws – system call vulnerabilities which have been labelled a “moderate risk” by FrSIRT, theFrench security response team,  and “less critical” by Danish vulnerability clearinghouse Secunia – apparently already have been fixed in newer versions of Linux kernel 2.6, researchers said. Secunia also said in its advisory that the Linux flaws can only be exploited from local systems.

Researchers cautioned that although the new vulnerabilities apparently cannot be exploited remotely, the potential for a root-level exploit offered by the kernel flaws may give attackers access to sensitive data on servers running the flawed version of Linux.

Multiple vulnerabilities were discovered late last week by Wojciech Purczynskiof of iSEC Security Research in “vmsplice” functions in the kernel 2.6 operating system that are not being properly verified before being used to perform memory operations — rendering them vulnerable to exploits that bypass security restrictions and enable attackers to obtain elevated privileges.

According to Secunia, the vulnerabilities first appeared in Linux kernal version 2.6.17.

“These issues are caused by errors in the “vmsplice_to_user(),” “copy_from_user_mmap_sem(),” and “get_iovec_page_array(),” [fs/splice.c] functions that do not validate user-supplied data before being used, which could be exploited by malicious users to read or write arbitrary memory data, and execute malicious code with elevated privileges,” FrSIRT said, in a warning posted on Monday.

FrSirt said the kernel vulnerabilities could be exploited by “malicious local users” to cause a denial of service or to disclose sensitive data, and recommended that Linux users upgrade to kernel versions 2.6.23.16 or 2.6.24.2, which do not have the flaws.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
linux securitysecurity

Sponsored Whitepapers

Gaining a Competitive Advantage with Communication APIs
Gaining a Competitive Advantage with Communication APIs
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?