One of the main Linux stories of the past week was the security vulnerability affecting a considerable range of Linux kernels. The vmsplice() system call, introduced into the kernel in version 2.6.17 (and further expanded in versions 2.6.23 and 2.6.24, which resulted in two additional vulnerabilities) was responsible for the problem. As a result of this code, an unprivileged user logged in to any of the systems running the vulnerable kernel could easily obtain root privileges by executing certain code (this is known as "privilege escalation exploit"). Millions of machines were affected.
The vulnerability was first made public on February 8th. According to the Linux kernel changelog, it was fixed the same day and a new kernel, version 2.6.24.2, was made available on February 11th. The issue was widely publicised on February 11th, when many Linux news sites ran stories describing the problem and some even linked to the code that was capable of exploiting the vmsplice() vulnerability. Although rated as "less critical" (or 2 out of 5 on the severity barometer) by Secunia and "important" (rather than "critical") by Red Hat, any multi-user system running an unpatched kernel was vulnerable, while chances of a successful system compromise also increased dramatically. Even single-user desktop machines could be compromised through an unrelated code execution exploit.
Linux distributions started releasing patches on February 11th, the same day the news became widely known. But how fast were they?
domingo, 24 de febrero de 2008
Suscribirse a:
Enviar comentarios (Atom)
No hay comentarios:
Publicar un comentario