Wednesday, July 26, 2006

Kernel Vulnerability

Ack! Watch out for this Linux kernel vulnerability.

From Debian:

Kernel vulnerability

The kernel vulnerability that has been used for this compromise is referenced as CVE-2006-2451. It only exists in the Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24. The bug allows a local user to gain root privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.

The current stable release, Debian GNU/Linux 3.1 alias 'sarge', contains Linux 2.6.8 and is thus not affected by this problem. The compromised server ran Linux 2.6.16.18.

If you run Linux 2.6.13 up to versions before 2.6.17.4, or Linux 2.6.16 up to versions before 2.6.16.24, please update your kernel immediately.

Here are some postings at LWN starting on 13 July. The discussion revolves around this vulnerability being labeled as leading to a DoS attack but, in fact, it's a root vulnerability.

Ubuntu closed this pretty quickly.