Canonical and others close kernel holes
Canonical has released updated kernels for Ubuntu versions 10.04 LTS, 9.10, 9.04, 8.04 LTS and 6.06 LTS to close the recently discovered holes in the Linux kernel. The updates also cover the equivalent versions of Kubuntu, Edubuntu and Xubuntu and should be available through Ubuntu's Software Update system.
The two holes were discovered by Ben Hawkes. In one, he found that on 64-bit systems the kernel did not correctly validate memory ranges when making 32-bit system calls which allocated memory. This flaw could allow a local attacker to gain root privileges (CVE-2010-3081). In the other, he found that the registers on 64-bit kernels were not correctly filtered when performing 32-bit system calls (CVE-2010-3301). This could also allow local attackers to gain root privileges.
Red Hat have evaluated their Enterprise Linux offerings and say only RHEL5 is vulnerable to CVE-2010-3081; RHEL4 and Red Hat Enterprise MRG have similar validation issues but lack the "compat_mc_sockopt()" function used by the exploit. The company plans an update to RHEL5 as soon as the fixes have passed testing and will address issues in RHEL4 and Enterprise MRG in a later update. The company says that no version of RHEL is vulnerable to CVE-2010-3301.
Fedora developers are currently in the process of releasing fixes for Fedora 14, Fedora 13 and Fedora 12. The updates are queued up awaiting final checks before being pushed into Fedora's update mechanism.
- Hole in Linux kernel provides root rights - Update, a report from The H.