Linux exploit gets around security barrier

By Tom Espiner, ZDNet UK
Tuesday, July 21, 2009 03:10 PM

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list. According to the researcher, the code exploits a vulnerability in Linux version 2.6.30, and 2.6.18, and affects both 32-bit and 64-bit versions. The 2.6.18 kernel is used in Red Hat Enterprise Linux 5.

The exploit bypasses null pointer de-reference protection in the mainline kernel, which could allow an attacker to gain root control of a system, Spengler wrote.

It also uses arbitrary code execution to disable security features such as auditing, Security-Enhanced Linux (SELinux), AppArmor and Linux Security Module, while making the applications running outside the kernel believe that SELinux is still operating.

In the notes for his source code, Spengler said the exploit is strengthened if SELinux is applied to the operating system. SELinux is a set of modifications that can be applied to the kernel to harden it, by providing a set of security policies.

Having SELinux enabled actually weakens system security for these kinds of exploits, he wrote.

Security training organization the Sans Institute called the exploit "fascinating". In a blog post on last week, Sans Institute incident handler Bojan Zdrnja said that the exploit uses the Linux compiler to overcome the security features.

"The compiler will introduce the vulnerability to the binary code, which didn't exist in the source code," wrote Zdrnja. "This will cause the kernel to try to read/write data from 0x00000000, which the attacker can map to userland--and this finally pwns the box."

In his notes on the source code, Spengler said that a workaround would be for administrators to compile the kernel with fno-delete-null-pointer-checks.

0

0 votes

Save to My Library

Talkback 1 comments

Linux exploit gets around security barrier
This has already been fixed in kernel 2.6.30.2

For instance see the change log at
www.kernel.org...

search for

commit 76f578b630347be522b6df7917013fd0712612e5
Author: Eugene Teo
Date: Wed Jul 15 14:59:10 2009 +0800
Posted by sean lynch on Wednesday, July 22 2009 03:05 AM

Related Whitepapers

Featured Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video
Salesforce demos Service Cloud 2
New Web-based tools for customer service
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video