Like Tree1Likes
  • 1 Post By atreyu
  1. #1
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353

    Kernel privilege escalation flaw (and fixes)


    +++ This is a shout out to all you sysadmins and paranoid types +++

    There is a flaw in certain kernels that would pose a serious security risk that local users could leverage. It is described at IDG/PCWorld:

    Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge | PCWorld Business Center

    and The H:

    Linux root exploit due to memory access - Update 2 - The H Open Source: News and Features

    Red Hat has a KB article here:

    https://access.redhat.com/kb/docs/DOC-69129

    which describes how it affects RHEL 6 (but not 4/5) and interim solutions you can take, if you can't get the kernel patch.

    The exploit below takes advantage of the flaw:

    CVE-2012-0056 - Mempodipper, a linux local root exploit.

    I have confirmed that the exploit works (allows a non-root user to spawn a root shell) on:

    • Red Hat 6 / kernel 2.6.32-220.el6.x86_64
    • Fedora 16 / kernel 3.1.6-1.fc16.i686.PAE


    It is trivial to test the exploit, a simple wget, gcc, and ./ and you'll know where you stand. I recommend it.

    I updated the Fedora box to the latest kernel in the Fedora 16 updates repo (3.2.1-3) which includes the patch to fix this, rebooted, and yes, the exploit is foiled.

    I updated the RHEL box to the kernel listed in their KB (2.6.32-220.4.1) and it also fixed the problem. (Well, technically, I used the RPM from the CentOS updates repo b/c I don't have an RHN, but it's good to know that I could do that.)

    Apparently Canonical/Ubuntu and Arch have released patched kernels, too. Or you could just grab Linus's kernel patch and apply it to the kernel source and recompile, if that's how you roll.
    bleedingsamurai likes this.
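
Added example, not part of the original post or thread: a check of a `uname -r` string against the fixed kernel builds the post names for RHEL 6 and Fedora 16. The function names and status strings are assumptions made for illustration; other distributions return `unknown` because the post gives no fixed build for them.

```python
import platform
import re

# Fixed builds named in the post above, keyed by RPM dist tag.
FIXED = {
    "el6": "2.6.32-220.4.1",  # RHEL 6 (CentOS 6 update also used in the post)
    "fc16": "3.2.1-3",        # Fedora 16 updates repo
}
# The post says the Red Hat KB lists RHEL 4/5 as not affected.
NOT_AFFECTED = {"el4", "el5"}


def _nums(text):
    """Numeric fields of a version or release string as a tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def parse_release(uname_r):
    """Return ((version, release), dist_tag) for a `uname -r` string."""
    m = re.search(r"\.(el\d+|fc\d+)", uname_r)
    dist = m.group(1) if m else None
    core = uname_r[:m.start()] if m else uname_r  # drop dist tag and arch
    version, _, release = core.partition("-")
    # Compare version and release separately, as RPM does.
    return (_nums(version), _nums(release)), dist


def kernel_status(uname_r):
    """Classify a kernel release against the builds listed in the post."""
    key, dist = parse_release(uname_r)
    if dist in NOT_AFFECTED:
        return "not-affected"
    if dist not in FIXED:
        return "unknown"  # no fixed build given on this page
    fixed_key, _ = parse_release(FIXED[dist])
    return "patched" if key >= fixed_key else "needs-update"


if __name__ == "__main__":
    running = platform.release()  # same string as `uname -r`
    print(running, "->", kernel_status(running))
```

A `patched` result only reflects the installed-and-booted kernel string; a newer kernel that is installed but not yet rebooted into still reports the old release.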

  2. #2
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,598
    I think I saw the same thing in our weekly security bulletin at work this morning. It will be nice to show the Windows types who were "See! Linux isn't secure after all!!" that it's already been patched and released.
    "I used to be with it, then they changed what it was.
    Now what was it isn't it, and what is it is weird and scary to me.
    It'll happen to you too."

    Grandpa Simpson



    The Fifth Continent

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by elija View Post
    I think I saw the same thing in our weekly security bulletin at work this morning. It will be nice to show the Windows types who were "See! Linux isn't secure after all!!" that it's already been patched and released.
    Definitely. Considering the potential for devastation and ease of implementation of this threat, it might have been also good, though, if the main Linux vendors (Red Hat, Canonical, SUSE, etc.) had been able to provide publicly available patches for their systems before this hit the news wire.

  4. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,633
    RHEL/CentOS/ScientificLinux have also released updated kernels. I have installed the new one, but not activated it yet. The last kernel screwed up my audio, so I am now 2 kernels in arrears... I will check it out tonight, and if the audio is still FUBAR, I will b!tch at Red Hat et al and keep running my current kernel. I am running SL 6.0 - and need to update to 6.1. Time, if only I had infinite time! New job as senior performance engineer for Nokia is keeping me too busy! I also need to test our web browser software on multiple phone versions. Currently I have two different company phones - a Series 40 phone to test our software, and an N8 Symbian one for regular business use (and testing)... Watch my head spin...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
