Calling himself “qaaz,” the researcher on Saturday posted on the MilwOrm.com site two exploits labeled “Linux kernel 2.6.17 – 188.8.131.52 vmsplice Local Root Exploit” and "Linux kernel 2.6.23 – 2.6.24 vmsplice Local Root Exploit.”
However, the Linux flaws – system call vulnerabilities which have been labelled a “moderate risk” by FrSIRT, theFrench security response team, and “less critical” by Danish vulnerability clearinghouse Secunia – apparently already have been fixed in newer versions of Linux kernel 2.6, researchers said. Secunia also said in its advisory that the Linux flaws can only be exploited from local systems.
Researchers cautioned that although the new vulnerabilities apparently cannot be exploited remotely, the potential for a root-level exploit offered by the kernel flaws may give attackers access to sensitive data on servers running the flawed version of Linux.
Multiple vulnerabilities were discovered late last week by Wojciech Purczynskiof of iSEC Security Research in “vmsplice” functions in the kernel 2.6 operating system that are not being properly verified before being used to perform memory operations — rendering them vulnerable to exploits that bypass security restrictions and enable attackers to obtain elevated privileges.
According to Secunia, the vulnerabilities first appeared in Linux kernal version 2.6.17.
“These issues are caused by errors in the “vmsplice_to_user(),” “copy_from_user_mmap_sem(),” and “get_iovec_page_array(),” [fs/splice.c] functions that do not validate user-supplied data before being used, which could be exploited by malicious users to read or write arbitrary memory data, and execute malicious code with elevated privileges,” FrSIRT said, in a warning posted on Monday.
FrSirt said the kernel vulnerabilities could be exploited by “malicious local users” to cause a denial of service or to disclose sensitive data, and recommended that Linux users upgrade to kernel versions 184.108.40.206 or 220.127.116.11, which do not have the flaws.
See original article on scmagazineus.com
Researcher releases exploit codes for Linux kernel 2.6 flaws
By Jack Rogers on Feb 13, 2008 11:39AM