Linux security exploit found


Paul K
15-06-2004, 19:38
News item (http://www.eweek.com/article2/0,1759,1612480,00.asp)
This was reported yesterday but I missed it :erm:

A Linux bug was recently uncovered by a young Norwegian programmer that, when exploited by a simple C program, could crash most Linux 2.4 or 2.6 distributions running on an x86 architecture.

"Using this exploit to crash Linux systems requires the (ab)user to have shell access or other means of uploading and running the program—like cgi-bin and FTP access," reports the discoverer, Øyvind Sæther.

"The program works on any normal user account, and root access is not required," Sæther reported. "This exploit has been reported used to take down several 'lame free-shell providers' servers. [Running code you know will damage a system intentionally and hacking in general] is illegal in most parts of the world and strongly discouraged."

Along with the code needed to use the exploit, Sæther also posted several patches to 2.4 and 2.6 kernels that will keep the exploit from crashing systems.

Several security problems have been uncovered in Linux over the past year. The most serious was uncovered in February by the Polish security nonprofit organization iSEC Security Research.

The biggest of these security holes, called "Linux kernel do_mremap VMA limit local privilege escalation vulnerability" by iSEC, could have enabled a cracker to achieve full super-user and full administration privileges. In each case, fixes were quickly delivered by the Linux open-source community.

This latest security hole, however, can be used to crash a system, but it doesn't give an attacker any other control of a Linux system.

Technically, the problem exists because the Linux kernel's signal handler isn't handling floating-point (FP) exceptions correctly. Linux's creator, Linus Torvalds, said, "There's a path into the kernel where if there is a pending FP error, the kernel will end up taking an FP exception, and it will continue to take the FP exception forever. Duh."

Torvalds already has the problem well in hand, he said. "I fixed it in my [source code] tree a few days ago, so it's in the current snapshots, and if I wasn't in the middle of a move [to Portland, Ore.] I'd have released a 2.6.7 already. As it is, I'll hopefully have it done by tomorrow [June 15]."

Eric Raymond, president of the Open Source Initiative, added, "It isn't a big deal. This one can be trivially fixed. This fixable kernel crasher doesn't cause any new problems."

greencreeper
15-06-2004, 21:03
It shows the benefits of open source software.

Paul K
15-06-2004, 21:09
It also shows that it's not just Microsoft that has to learn to write software properly ;)

philip.j.fry
16-06-2004, 10:05
It also shows that it's not just Microsoft that has to learn to write software properly ;)

:p: It's near impossible to write code on that kind of scale without some kind of error. I'd better get patched up later :)

greencreeper
16-06-2004, 16:39
It's not how well written the code is that's at issue - like Phil(ip) says, you can't write code on the scale of an OS without introducing errors, especially if you're human :) The issue is how quickly those errors are discovered, who discovers them, and how quickly they are patched. We've no idea what errors exist in Microsoft products because we cannot see the code, and we're at their mercy to provide patches, which in the past have had errors in them... In the example Paul posted the person discovering the error fixed the error. That doesn't happen with Microsoft - it's much more likely that the person will develop a virus or other malware to exploit the error :) You'll notice that Microsoft responds more quickly to an error that has a known exploit than to one that doesn't - even its rating system supports the idea that an error without exploit isn't important.

I'm pro-open source. I understand the concerns of business and the support issues, but it just seems an altogether better way of producing software.

zovat
17-06-2004, 15:09
Bear in mind that there is a piece of code out there that compiles to something like a 4 byte command that will crash any Intel processor - regardless of OS being run...

There is always something to fix in any code - that includes the processor code...