5-Year-Old Linux Kernel Bug Fixed
rastos1 sends in a report about a significant bug fix for the Linux kernel (CVE-2014-0196).
"'The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device. 'This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),' Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. 'A bug this serious only comes out once every couple years.' ... While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said."
Re:This is the problem with Linux Security (Score:4, Interesting)
To expand on this, not only do they not assign security bugs the priority they deserve, they actively hide them.
http://arstechnica.com/securit... [arstechnica.com]
FWIW, I love Linux and used Slackware for almost a decade.
Re:This is the problem with Linux Security (Score:5, Interesting)
Well it can't be patched before it was discovered but you seem to be implying this issue was known about 5 years ago.
How long from when it was discovered did it take to be patched?
Re:This is the problem with Linux Security (Score:4, Interesting)
I completely disagree. The reason I use an OS is because its features work and it does not crash all the time, I could not care less if it were 1% more secure.
Re:This is the problem with Linux Security (Score:3, Interesting)
Was it? Where? The git commit linked in the article is for 2014-05-03. Given the number of fixes and revisions this patch went through, one has to actually hunt it down in the MLs to know.
So, can you please point us to the source of your information?
Re:This is the problem with Linux Security (Score:3, Interesting)
You should read up some more on the clash between security professionals and the Linux maintainers.
Some bugs are more critical than others, and hiding them not to get negative attention or (rightfully) be pressured to fix them is pretty bad.
5 year old tempest in tty pot (Score:4, Interesting)
POC doesn't work here. (Score:5, Interesting)
I read through the POC, it seemed safe enough to play with, so I've tried it out on a few different servers here (CentOS & Debian Stable). On the CentOS boxes it dies before it even gets started trying to overflow into a tty, and on my Debian machine it's been going for 5 minutes (using up to 90% CPU, but still leaving the machine quite usable), and still hasn't got anywhere.
This isn't quite the "instant ROOT ACCESS!" privilege escalation that keeps sysadmins up at night. (unless I'm missing something...)
Re:This is the problem with Linux Security (Score:3, Interesting)
The OP does not inaccurately malign the attitude of the kernel developers towards security bugs. Their stance is widely known.