By Bill Brenner, News Writer
22 Jul 2004 | SearchSecurity.com
Users are advised to update their systems against multiple denial-of-service and permission vulnerabilities in the Linux kernel that could be exploited by an attacker. Gentoo said the flaws are "high impact."
"The set of vulnerabilities ranges from DOS issues to overflows which can possibly be used to read kernel memory," Gentoo Linux X86 Core and Kernel Team member Tim Yamin said in an e-mail. "My main advice is to keep one's kernel secure and updated to avoid security bugs."
Gentoo's advisory said, "The Linux kernel allows a local attacker to mount a remote file system on a vulnerable Linux host and modify files' group IDs. Also, a flaw in the handling of /proc attributes has been found in 2.6 series kernels; allowing the unauthorized modification of /proc entries, especially those which rely solely on file permissions for security to vital kernel parameters."
Yamin said tainted group IDs can open the door for a denial-of-service attack. "By exploiting this vulnerability, users in the original file group would also be blocked from accessing the changed files," he said.
The advisory addresses other problems: one in the vserver Linux sources in which /proc-related changes in one virtual context are applied to other contexts as well, including the host system; vulnerabilities in 2.6 series Linux kernels older than 2.6.7 found by the Sparse source code checking tool; and fixes for a local denial-of-service vulnerability that can cause unknown behavior and for a floating-point information leak on IA64 platforms in which registers of other processes can be read by a local user.
"The /proc attribute vulnerability allows local users with previously no permissions to certain /proc entries to exploit the vulnerability and then gain read, write and execute access to entries," the advisory said. "These new privileges can be used to cause unknown behavior ranging from reduced system performance to a denial of service by manipulating various kernel options which are usually reserved for the superuser."
The flaw could also be used to open restrictions set through /proc entries, allowing further attacks to take place through another possibly unexpected attack vector, Gentoo said.
All 2.6 users are affected by the /proc attribute issue and the only known workaround is to disable /proc support, the advisory said. It added that the vserver flaw applies only to vserver sources, and no workaround is currently available.
"As a result, all users affected by any of these vulnerabilities should upgrade their kernels to ensure the integrity of their systems," Gentoo said.
The Linux kernel manages the core aspects of a GNU/Linux system, providing an interface for core system applications and the essential structure and capability to access hardware needed for a running system.