Researcher releases exploit codes for Linux kernel 2.6 flaws

By

A researcher has released exploit codes for newly discovered Linux kernel 2.6 flaws which could permit attackers to gain root-system privileges they can use to steal data or mount denials of service on Linux-based systems.


Calling himself “qaaz,” the researcher on Saturday posted on the MilwOrm.com site two exploits labeled “Linux kernel 2.6.17 – 2.6.24.1 vmsplice Local Root Exploit” and "Linux kernel 2.6.23 – 2.6.24 vmsplice Local Root Exploit.”

However, the Linux flaws – system call vulnerabilities which have been labelled a “moderate risk” by FrSIRT, theFrench security response team,  and “less critical” by Danish vulnerability clearinghouse Secunia – apparently already have been fixed in newer versions of Linux kernel 2.6, researchers said. Secunia also said in its advisory that the Linux flaws can only be exploited from local systems.

Researchers cautioned that although the new vulnerabilities apparently cannot be exploited remotely, the potential for a root-level exploit offered by the kernel flaws may give attackers access to sensitive data on servers running the flawed version of Linux.

Multiple vulnerabilities were discovered late last week by Wojciech Purczynskiof of iSEC Security Research in “vmsplice” functions in the kernel 2.6 operating system that are not being properly verified before being used to perform memory operations — rendering them vulnerable to exploits that bypass security restrictions and enable attackers to obtain elevated privileges.

According to Secunia, the vulnerabilities first appeared in Linux kernal version 2.6.17.

“These issues are caused by errors in the “vmsplice_to_user(),” “copy_from_user_mmap_sem(),” and “get_iovec_page_array(),” [fs/splice.c] functions that do not validate user-supplied data before being used, which could be exploited by malicious users to read or write arbitrary memory data, and execute malicious code with elevated privileges,” FrSIRT said, in a warning posted on Monday.

FrSirt said the kernel vulnerabilities could be exploited by “malicious local users” to cause a denial of service or to disclose sensitive data, and recommended that Linux users upgrade to kernel versions 2.6.23.16 or 2.6.24.2, which do not have the flaws.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
linux securitysecurity

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?