Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Bug Security Linux

5-Year-Old Critical Linux Vulnerability Patched (threatpost.com) 68

msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introd in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."
This discussion has been archived. No new comments can be posted.

5-Year-Old Critical Linux Vulnerability Patched

Comments Filter:
  • by Anonymous Coward on Saturday December 10, 2016 @12:57PM (#53459609)

    The real story here, is that 4 days after the vulnerability was made known to the devs, a patch was released.

      • by Anonymous Coward

        No. That's the story you want people to talk about as a distraction to the real story. "Look guys. As soon as someone bothered to actually check the code we fixed it so fast!!" SO FAST!!!

        • Kernel code isn't blindly put in to the code base. Linus and his trusted few do a great job, at weaving out the garbage submissions, for the most part. They aren't as affective as OpenBSD, with their useful paranoid code audits. If your concerned about future instances like this. Please contribute your time, not your tears.
          • by Anonymous Coward

            I'd have to use Linux to be the one crying.

    • by Kjella ( 173770 )

      The real story here, is that 4 days after the vulnerability was made known to the devs, a patch was released.

      Why? If no bad guys have found it the difference between four days or and three months is of little difference. If the bad guys have found it (or worse yet, planted it) the difference between five years and four days and five years and three months is also of little difference. Not the kind of casual bad guys that deal with cryptolockers and botnets and identity theft, if they found it you'd probably see it in the wild and exposed. But targeted attacks for industrial espionage and such could probably use it

    • by antdude ( 79039 )

      I don't see it for Debian stable/Jessie so far. :P

  • Give a five-year-old a nod, he'll come back with all kinds of bait-and-switch naughtiness.
  • by Anonymous Coward
    If an attacker is in the same room as your system, you're already pwnd.
  • ... is out of intensive care and is rocking the eye patch.

  • The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel

    racism is ruining our country... and now our kernel too? IS NOTHING SACRED ANYMORE?! ;)

  • Classic TOCTTOU (Score:4, Informative)

    by naasking ( 94116 ) <naasking@gm[ ].com ['ail' in gap]> on Saturday December 10, 2016 @03:15PM (#53460219) Homepage

    So basically, a classic, well known TOCTTOU vulnerability [wikipedia.org].

  • "He said the bug cannot be exploited remotely."

    In other words, "yawn". If you have physical access to a machine all bets are off.

  • This bug need CAP_NET_ADMIN privileges, which are VERY rarely enabled for typical user, because they will let you screw network configuration and sniff on traffic (which is almost equal to root privileges in our networking days)
  • In case anyone cares, this code was first introduced in Linux 3.2.

    This is for those of us who use uname -r to check their kernel version, not the year it was checked out from the kernel repos.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...