ubuntuforums-unanswered team mailing list archive

Re: [Question #77670]: attack on open source

Question #77670 on Ubuntu changed:
https://answers.launchpad.net/ubuntu/+question/77670

    Status: Answered => Open

greg toler is still having a problem:
What the report said:


A security researcher has released zero-day code for a flaw in the
Linux kernel, saying that it bypasses security protections in the
operating system.

The source code for the exploit was made available last week by
researcher Brad Spengler on the Dailydave mailing list. According to the
researcher, the code exploits a vulnerability in Linux versions 2.6.30
and 2.6.18, and affects both 32-bit and 64-bit versions. The 2.6.18
kernel is used in Red Hat Enterprise Linux 5.

The exploit bypasses null pointer de-reference protection in the
mainline kernel, which could allow an attacker to gain root control of a
system, Spengler wrote.

It also uses arbitrary code execution to disable security features such
as auditing, Security-Enhanced Linux (SELinux), AppArmor and Linux
Security Module, while making the applications running outside the
kernel believe that SELinux is still operating.

In the notes for his source code, Spengler said the exploit is
strengthened if SELinux is applied to the operating system. SELinux is a
set of modifications that can be applied to the kernel to harden it, by
providing a set of security policies.

"Having SELinux enabled actually weakens system security for these kinds
of exploits," he wrote.

Security training organisation the Sans Institute called the exploit
"fascinating". In a blog post on Friday, Sans Institute incident handler
Bojan Zdrnja said that the exploit uses the Linux compiler to overcome
the security features.

"The compiler will introduce the vulnerability to the binary code, which
didn't exist in the source code," wrote Zdrnja. "This will cause the
kernel to try to read/write data from 0x00000000, which the attacker can
map to userland — and this finally pwns the box."

In his notes on the source code, Spengler said that a workaround would
be for administrators to compile the kernel with
-fno-delete-null-pointer-checks.

-- 
You received this question notification because you are a member of UF
Unanswered Posts Team, which is an answer contact for Ubuntu.
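
An added illustration of the pattern the quoted report describes (constructed here, not taken from the article or from Spengler's code): a NULL test that comes *after* a dereference may be discarded by an optimising compiler, which is what `-fno-delete-null-pointer-checks` switches off, while moving the test before the first dereference removes the dependence on that flag altogether. The `device_ctx` struct and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical context object standing in for a kernel structure. */
struct device_ctx {
    int flags;
};

/* Constructed sample object used by main() and by the tests. */
struct device_ctx sample_ctx = { .flags = 5 };

/* Defective ordering: 'flags' is read through ctx BEFORE ctx is tested.
 * With optimisation on, GCC may treat that dereference as proof that ctx
 * is non-NULL and delete the test (the behaviour the report's workaround,
 * -fno-delete-null-pointer-checks, disables). The binary then lacks a
 * check that is plainly present in the source, exactly as Zdrnja describes. */
int poll_unchecked(struct device_ctx *ctx)
{
    int flags = ctx->flags;      /* dereference first ...               */
    if (ctx == NULL)             /* ... test second: may be optimised out */
        return -1;
    return flags;
}

/* Corrected ordering: the NULL test dominates every dereference, so no
 * compiler can legally remove it, with or without the workaround flag. */
int poll_checked(struct device_ctx *ctx)
{
    if (ctx == NULL)
        return -1;
    return ctx->flags;
}

/* Stand-alone demonstration. poll_unchecked(NULL) is deliberately not
 * called: whether it faults depends on the compiler's optimisation level. */
int main(void)
{
    printf("poll_checked(&sample_ctx) = %d\n", poll_checked(&sample_ctx));
    printf("poll_checked(NULL)        = %d\n", poll_checked(NULL));
    printf("poll_unchecked(&sample_ctx) = %d\n", poll_unchecked(&sample_ctx));
    return 0;
}
```

Compiling `poll_unchecked` with `gcc -O2 -S` and inspecting the output shows whether the comparison against NULL survived; the same source built with `-fno-delete-null-pointer-checks` keeps it.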