Linux Linux Kernel vulnerability allows Acquiring a Root Shell

[KingKrool]

Here is the Slashdot link:

Slashdot | Linux Kernel 2.6 Local Root Exploit

Sysadmins around the world are probably tearing their hair out. While the exploit itself can be used as a workaround, it is not much of a solution...

While a patch will be/is out, it will take some time to filter through to enterprises. I imagine a lot of downtime because of this (unexpected kernel upgrades are a big big problem for enterprises).

 

[superczar]

OMG...thats big...

but hen it is limited to local users only which at least makes the impat a little less bad ( AT least I don't have to bother about my personal webserver)

 

[KingKrool]

Well, anyone who can compromise the security of _any_ program via a remote exploit can break in and use this exploit.

Nicely enough, the exploit itself can be used to "patch" itself. There is a program that uses the exploit to replace a piece of kernel memory i.e. it places a ret instruction in place of the vulnerable system call. That is what they have done temporarily at my University (they don't want to have to patch and reboot 618 odd machines).

 

[Aladdin]

Todays following update can be connected to this issue??

 

[Dark Star]

^^ Learn compiling dude // /Relying on Ubuntu kernel updates is not good.. They takes a lot of time while there are already new versions.. 2.6.24.2 | 2.6.25 RC1 This 1 is gr8 I am testing this rite now

 

[Aladdin]

Thanks for telling dude. Am doing it this way...lemme know if this is outdated too

 

[vishalrao]

@hunter: if you select the package, does/did it not show the description/list of the bug fixes in the update?

i will check out the update this weekend when i connect my tablet to the net

 

[Aladdin]

hi vishalrao.

It does shows up a lil bit. And points to detailed info here /usr/share/doc/linux-headers-2.6.22-14.

But hey people, i want to know if using the brand new kernel update from kernel.org would be better? Because, i guess ubuntu people first need to make sure the kernel is working fine with the current official ubuntu gutsy.

As long as the system remains secure, kernel doesnt matter to me.

What if the new kernel from kernel.org is more advanced for current ubuntu? I am talking about 100% relationship satisfaction between both, the OS and the kernel.

The update ubuntu is providing clears the bug so i see no reason in not believing in ubuntu updates considering their past record with security issues.

 

[vishalrao]

@hunter: i am on ubuntu 7.10 at home now and i see the same kernel update as you, and yes, it is specifically for the vmsplice issue - CVE-2008-0600 you can rest assured now