September 21, 2014

Linux 2.6.39 Memory Handling Vulnerability

(LiveHacking.Com) – Exploits have started appearing that make it possible to gain root privileges on some versions of the Linux kernel due to a flaw in the  /proc/<pid>/mem handling. The vulnerability first came to light when Linus Torvalds released a Linux kernel update last week to fix the flaw and the subsequent analysis of the bug at  Nerdling Sapple.

The bug, which was discovered by Jüri Aedla, allows a local, unprivileged user to escalate their privileges. The problem is that write support to /proc/<pid>/mem was re-enabled in the kernel but with insufficient permissions checking. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix noted above.

Red Hat have released a small C program which will test a kernel to see if it is vulnerable. If you are not sure if you are running an affected kernel version compile and run the test from https://bugzilla.redhat.com/attachment.cgi?id=556461:

$ gcc -o test test.c
$ ./test
vulnerable

You can read Red Hat’s full security advisory here. Canonical, the makers of Ubuntu Linux, have also announced the release an update for Ubuntu 11.10. The fix can be applied using a standard system update followed by a reboot.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks