
Thread: Linux Kernel Flaw

  1. #1
    Join Date
    May 2003
    Posts
    3,041
    Rep Power
    0

    Linux Kernel Flaw

    As reported from eweek.com ... http://www.eweek.com/article2/0,4149,1400446,00.asp

    Researchers Find Serious Vulnerability in Linux Kernel

    Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it. An unknown cracker recently used this weakness to compromise several of the Debian Project's servers, which led to the discovery of the new vulnerability.

    This discovery has broad implications for the Linux community. Because the flaw is in the Linux kernel itself, the problem affects virtually every distribution of the operating system and several vendors have confirmed that their products are vulnerable. The vulnerability is in all releases of the kernel from Version 2.4.0 through 2.5.69, but has been fixed in Releases 2.4.23-pre7 and 2.6.0-test6.

    The vulnerability itself is an integer overflow in the brk( ) system call, which is a memory-management function. When the call invokes the do_brk( ) function, using user-supplied address and length variables, the call does not check for integer overflows when adding the variables, according to an analysis of the problem by Symantec Corp., based in Cupertino, Calif.

    According to Symantec, this weakness would allow any local user with shell-level access to the system to escalate his privileges to root. This would allow the attacker to perform just about any task he chose on the machine. Symantec warned that the new flaw could be combined with any number of remote vulnerabilities to allow remote attackers to gain root access, as well.

    RedHat Inc. and the Debian Project both have released advisories warning customers of the issue and providing information on fixes. A slew of products from other vendors, including MandrakeSoft S.A., SuSE Linux AG and Caldera International Inc., also are vulnerable.

    According to Symantec's analysis, the exploit that the attacker used to compromise the Debian servers is not publicly available, but is apparently circulating in the cracker underground.

    PATCH UP NOW!!!!
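The article quoted in the first post describes a range check that adds a user-supplied address and length without testing for integer overflow. The following C sketch is an added illustration of that bug class and its fix; it is not part of the original post and is not kernel code. The 32-bit types, the `USER_LIMIT` value and the function names are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed top of the user address range for this model (constructed value). */
#define USER_LIMIT 0xC0000000u

/* Unchecked form: treats addr + len as the true end of the range. */
static int range_ok_unchecked(uint32_t addr, uint32_t len)
{
    uint32_t end = addr + len;          /* wraps modulo 2^32 */
    return end <= USER_LIMIT;
}

/* Hardened form: reject wraparound before comparing with the limit. */
static int range_ok_checked(uint32_t addr, uint32_t len)
{
    if (len > UINT32_MAX - addr)        /* addr + len would overflow */
        return 0;
    return addr + len <= USER_LIMIT;
}

/* Equivalent hardened form that never computes the sum at all. */
static int range_ok_nosum(uint32_t addr, uint32_t len)
{
    return addr <= USER_LIMIT && len <= USER_LIMIT - addr;
}

int main(void)
{
    /* Constructed inputs: ordinary, exact boundary, over limit, wrapping. */
    static const uint32_t cases[][2] = {
        { 0x08000000u, 0x00001000u },
        { 0xBFFFF000u, 0x00001000u },
        { 0xBFFFF000u, 0x00002000u },
        { 0xBFFFF000u, 0x40002000u },   /* sum wraps to 0x00001000 */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t a = cases[i][0], l = cases[i][1];
        printf("addr=0x%08x len=0x%08x unchecked=%d checked=%d nosum=%d\n",
               (unsigned)a, (unsigned)l, range_ok_unchecked(a, l),
               range_ok_checked(a, l), range_ok_nosum(a, l));
    }
    return 0;
}
```

Only the last case separates the functions: the wrapped sum looks like a small, valid end address to the unchecked comparison, while both hardened forms reject it.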

  2. #2
    Join Date
    Aug 2002
    Posts
    1,257
    Rep Power
    0

    Re: Linux Kernel Flaw

    This is the sort of thing that makes you wonder how many other Security Flaws exist for Linux......That are undisclosed......

    All your boxes are belong to BlackHats......

    Non Full Disclosure Hackers...

  3. #3
    Join Date
    Jul 2003
    Posts
    424
    Rep Power
    0

    Re: Linux Kernel Flaw

    I will go searching, however do you have a link for these advisories from RedHat?

    I agree Tech_Guru, but that is the software engineering business. Some people question the name of the profession, saying there is no engineering going on and that is why faulty software is being produced. Most bridges and buildings as well as other products of "engineering" are faulty as well; it just takes a longer time to discover them.

    I guess we just patch and keep ears and eyes open.

    Peace

  4. #4
    Join Date
    Sep 2002
    Posts
    3,270
    Rep Power
    0

    Re: Linux Kernel Flaw

    umm symantec can kiss my a-s-s-s
    The Debian guys found this out after they dissected the IDS logs and decompiled the rootkit that the cracker installed on the Debian box. This is the height of show-boating... yuck...

    There may be quite a few vulnerabilities in Linux. Don't forget that Linux is young when compared with something like FreeBSD or OpenBSD. So it is the theory of the software development cycle.

    Most of the vulnerabilities that are there however require skilled crackers to exploit. Most script kiddies can't use them without a l33t r007 k17 (leet root kit) built by one of these treacherous crackers.

    Why I say treacherous is because these cracker'z are not reporting the "s'plotiz" that a real HACKER would report. Clan crakerz are the worst of the breed, they hoard exploits to use during "warz" so they can own boxes when competing with other clans.

    There are websites where clans have tally counts of owned boxes....

    ::: DISCLAIMER ::: I ADVISE WINDOWS USERS, WITHOUT ZONE ALARM, NOT TO GO TO THIS SITE. I AM NOT RESPONSIBLE FOR WHAT WILL HAPPEN TO YOUR COMPUTER IF YOU DO.

    Linux users are free to view, especially if you have a firewall and you're not running any unnecessary services.

    Ranking ...
    http://www.zone-h.org/en/hallofshame
    Sites defaced ...
    http://www.zone-h.org/en/defacements


    If you notice :: NEARLY ALL THE BOXES COMPROMISED ARE LINUX BOXES RUNNING APACHE WITHOUT PROPER SECURITY::

    FIREWALL AND IDS

    Most of these boxes are RED CRAP HAT boxes with DEFAULT installs... run by people who haven't got a clue and no firewall.


    --regards
    Gillion
    Ye olde White hats have their jobs cut out for them....

