In association with heise online

17 July 2006, 11:14

New Linux exploit published


A demonstration of a new weak point in the Linux kernel has been published on the Full Disclosure mailing list. It allows registered users to gain root rights on the system. It exploits what is called a "race condition" - the lack of protection against conflicting access to a resource - in the /proc filesystem. According to the Internet Storm Center, the hole affects all versions of the 2.6 kernel. While the demonstration itself requires support for the outdated binary format a.out, the hole can also be exploited if CONFIG_BINFMT_AOUT is not set. The SELinux security extension used in Red Hat Enterprise Linux 4 apparently stops the exploit.

Such local exploits are often used to gain access to administrator rights on systems used by multiple users. Less than a week ago, unidentified hackers exploited a similar hole in the Linux kernel (which has since been patched) to compromise a server used in the Debian project. Before this 0day exploit was published, heise Security had received indications that a large number of other such local-root exploits that attack previously unknown weak points are also in circulation. The discovery of this 0day exploit is good evidence that these indications were true.

In response to the discovery of this new weak point, the "ugly /proc hole", Linus Torvalds has published updated kernel versions 2.6.17.5 and 2.6.16.25. A subsequent minor update to 2.6.17.6 and 2.6.16.26, respectively, relaxes the newly introduced restrictions a bit.


(ehe)

Permalink: http://h-online.com/-731234
 

