• United States

Security flaw in Linux kernel gets vendor patches

Feb 20, 20043 mins
LinuxNetworkingPatch Management Software

A security vulnerability in the Linux kernel that could have allowed a hacker to gain control of the operating system on user machines has been patched by the open-source community and Linux vendors.

The flaw, which was found last month by Paul Starzetz, a researcher with the nonprofit group iSEC Security Research in Poland, was in Linux kernel memory management code. The flaw, which was publicly announced on Wednesday, could have allowed an attacker to get into the system as a local user and then gain root, or administrator, privileges on the target system, according to iSEC.

In an e-mail Friday, Starzetz wrote that the bug affects all kernels from the 2.4 series to 2.4.24, all 2.2 kernels to 2.2.25 and the 2.6 kernel series including 2.6.2. The only kernels that are not vulnerable, he said, are 2.4.25 and 2.6.3.

Patches are being worked on for the 2.2 series kernel, he said. All the odd kernel releases including 2.3 and 2.5 are also vulnerable, but it’s unlikely that many people use them because they are development kernels, not release models.

“The bug is very serious,” he wrote, if an attacker gains local access to a vulnerable machine. On a scale of 0 to 10, with 0 being no bug at all, the vulnerability would be scored 10, or “the most serious danger we can imagine,” he said. “Due to this seriousness we decided to delay the release of the exploit code until the next week (so that people who care about their machines have enough time to update them).”

The problem can only be corrected by upgrading a vulnerable machine to the latest kernel version, Starzetz wrote.

Mark Cox, security response team leader at Linux vendor Red Hat, said iSEC researchers quickly notified Linux team leaders and vendors of the problem after they discovered it, giving the open-source community time to create patches and get them posted for users.

“These are issues found by goods guys, reported responsibly and dealt with in the right way,” Cox said. “It’s just kind of a textbook example of how these things should work out.”

No reports of any attack using the vulnerability have been received, Cox said.

Patches have already been posted by major vendors, including Red Hat and SuSE Linux.

Last month, iSEC found and reported a similar but unrelated security vulnerability in the Linux kernel memory management code. Patches for that problem were also made available by Red Hat, SuSE and other Linux vendors.

Chris Mason, a software developer at SuSE, said that once the vulnerabilities are patched, the problem is resolved.

“It’s the kind of thing that gets found from time to time in the open-source community and we fix them,” Mason said.


Todd R. Weiss is an award-winning technology journalist and freelance writer who worked as a staff reporter for Computerworld from 2000 to 2008. Weiss covers enterprise IT from cloud computing to Hadoop to virtualization, enterprise applications such as ERP, CRM and BI, Linux and open source, and more. He spends his spare time working on a book about an unheralded member of the 1957 Milwaukee Braves and watching classic Humphrey Bogart movies.

More from this author