Softpedia
 


August 18th, 2010, 10:15 GMT · By

Critical Vulnerability Silently Patched in Linux Kernel

A highly dangerous privilege escalation vulnerability, which can allow an attacker to execute arbitrary code as root from any GUI application, has been patched in the Linux kernel.

The flaw was discovered by Rafal Wojtczuk, principal researcher at Invisible Things Lab (ITL), a security research company based in Poland.

According to Joanna Rutkowska, founder of ITL, the bug was discovered while Mr. Wojtczuk was working on GUI virtualization in Qubes OS, an operating system developed by the company, in which every application runs in a separate virtual machine.

"The attack allows a (unprivileged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn't take advantage of any bug in the X server!).

"In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system," Ms. Rutkowska explains in a post on the company's blog.

The attack and the vulnerability are described in more detail in a paper (PDF) entitled "Exploiting large memory management vulnerabilities in Xorg server running on Linux," authored by Rafal Wojtczuk and published yesterday.

The flaw affects both x86_32 and x86_64 platforms and was reported to the X.org security team on 17 June 2010.

It was eventually agreed that the issue needed to be addressed in the Linux kernel, which had apparently been vulnerable to the attack since version 2.6 was originally released.

On 13 August, Linus Torvalds committed an initial fix, but several patches were added afterward for various reasons. The problem has been addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel.

This is described in a Red Hat security advisory giving the bug a "high" severity rating. Judging by Joanna Rutkowska's malicious PDF example, there is a remote attack vector associated with this vulnerability, which has been assigned the CVE-2010-2240 ID.
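
The fixed releases listed above can be turned into a quick triage of `uname -r` strings collected from a host inventory. This is an added example, not code from the article or the kernel project: the `triage` and `report` functions, the status labels and the sample inventory are constructed, and treating series later than 2.6.35 as fixed is an assumption based on the fix having been committed to mainline on 13 August.

```python
import re

# Fixed upstream stable releases named in the article: series -> first fixed level.
FIXED = {(2, 6, 27): 52, (2, 6, 32): 19, (2, 6, 34): 4, (2, 6, 35): 2}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")


def triage(release):
    """Classify a `uname -r` string: fixed, vulnerable, check-vendor or unknown."""
    m = _RELEASE.match(release.strip())
    if not m:
        return "unknown"
    major, minor, patch, stable = (int(g) if g else 0 for g in m.groups()[:4])
    suffix = m.group(5)
    series = (major, minor, patch)
    if series < (2, 6, 0):
        return "unknown"  # the article only speaks about 2.6 and later
    if series > (2, 6, 35):
        return "fixed"  # assumption: later series descend from the mainline fix
    if series in FIXED and stable >= FIXED[series]:
        return "fixed"
    # Below the fixed level, or a 2.6.x series with no fixed release listed.
    # A distribution suffix (e.g. "-5-amd64") hides backported patches, so the
    # version number alone cannot settle it: defer to the vendor advisory.
    return "check-vendor" if suffix else "vulnerable"


# Constructed sample inventory (host names and versions are made up).
INVENTORY = {
    "build01": "2.6.35.2",
    "desk07": "2.6.34.3",
    "kiosk02": "2.6.32-5-amd64",
    "lab11": "2.6.31.14",
}


def report(inventory):
    """Map each host to its triage status, in host-name order."""
    return {host: triage(rel) for host, rel in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {INVENTORY[host]:20} {status}")
```

A `check-vendor` result means the distribution's own advisory, such as the Red Hat one mentioned above, decides whether the package carries the fix.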



READER COMMENTS:


Comment #1 by: Ron on 18 Aug 2010, 23:01 UTC

Blatantly disgusting FUD.

Since when was "silence" redefined as a bug given a "high" severity and a CVE number that's recorded by RedHat, Novell, Debian, Secunia, CompatDB, LWN and dozens of email mirrors?

Comment #1.1 by: Lucian Constantin on 19 Aug 2010, 08:11 GMT

"Silent" in this context refers to the fact that this fix was rushed and pushed to the stable trunk without going through the regular review process.


Comment #2 by: gfolkert on 19 Aug 2010, 11:05 UTC

Since when do you run *X* on your servers?

X is a display technology and should only be used on a desktop if at all.
