Debian r00ted through Linux kernel security flaw

Posted: 15-Jul-2006 10:33

I sometimes think it'd be nice to run Linux again, after reading all the glowing reviews of various distros. Slackware and Red Hat Linux were the two distributions I started off with, in fact, many years ago. Ended up moving to FreeBSD and OpenBSD however, because I learnt to appreciate that an operating system is much more than just the kernel, and anyway, Red Hat went commercial, killing all support for the free distribution, and Fedora kind of sucked at the time.

Linux comes with all sorts of interesting features that are fun to try, but after reading stories like this one from ZDNet, I don't think I would trust it for front-line duty. The security breach hit the Debian GNU/Linux project rather hard:

One core Debian server has been reinstalled after a compromise and services have been restored. On July 12th the host gluck.debian.org has been compromised using a local root vulnerability in the Linux kernel. The intruder had access to the server using a compromised developer account.

The services affected and temporarily taken down are: cvs, ddtp, lintian, people, popcon, planet, ports and release.


But it was fixed pretty fast, luckily, so the damage seems to have been limited. Here's what the Debian advisory says about the kernel flaw:

Kernel vulnerability

The kernel vulnerability that has been used for this compromise is referenced as CVE-2006-2451. It only exists in the Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24. The bug allows a local user to gain root privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.


The current stable release, Debian GNU/Linux 3.1 alias 'sarge', contains Linux 2.6.8 and is thus not affected by this problem. The compromised server ran Linux 2.6.16.18.

If you run Linux 2.6.13 up to versions before 2.6.17.4, or Linux 2.6.16 up to versions before 2.6.16.24, please update your kernel immediately.
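Added example, my own code and not part of the original post or the Debian advisory: a small C program that checks a kernel version string against the two affected ranges quoted above (2.6.13 up to but not including 2.6.17.4 on mainline, and 2.6.16 up to but not including 2.6.16.24 on the 2.6.16 stable branch), and then probes whether the running kernel still accepts the PR_SET_DUMPABLE value 2 that the bug abused. Fixed kernels reject that value with EINVAL for every process. The version check is only a heuristic, because distribution kernels that backport the fix keep their old version number; the sample version strings in main() are constructed for illustration, with 2.6.16.18 (the compromised gluck kernel) and 2.6.8 (sarge) taken from the advisory.

```c
/* Added example (not from the original post or Debian's advisory).
 * Build: cc -Wall -o dumpable_check dumpable_check.c && ./dumpable_check
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#include <sys/utsname.h>
#endif

/* Parse "2.6.16.18" or "2.6.18-4-686" into up to four numeric parts.
 * Missing parts are zero; parsing stops at the first non-digit, non-dot. */
static void parse_kver(const char *s, int v[4])
{
    memset(v, 0, 4 * sizeof(int));
    for (int i = 0; i < 4; i++) {
        char *end;
        long n = strtol(s, &end, 10);
        if (end == s)
            break;
        v[i] = (int)n;
        if (*end != '.')
            break;
        s = end + 1;
    }
}

static int cmp_kver(const int a[4], const int b[4])
{
    for (int i = 0; i < 4; i++)
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* Returns 1 if the version falls inside an affected range from the advisory:
 *   2.6.13 <= v < 2.6.17.4   (mainline)
 *   2.6.16 <= v < 2.6.16.24  (2.6.16 stable branch, which got its own fix)
 * Distro kernels that backport the fix keep their old version number, so
 * treat a 1 as "go and look", not as proof of exposure. */
int kver_affected(const char *s)
{
    int v[4];
    const int first_bad[4]    = {2, 6, 13, 0};
    const int fix_mainline[4] = {2, 6, 17, 4};
    const int fix_stable16[4] = {2, 6, 16, 24};

    parse_kver(s, v);
    if (cmp_kver(v, first_bad) < 0)
        return 0;
    if (v[0] == 2 && v[1] == 6 && v[2] == 16)   /* 2.6.16.x stable branch */
        return cmp_kver(v, fix_stable16) < 0;
    return cmp_kver(v, fix_mainline) < 0;
}

/* Runtime probe: fixed kernels reject PR_SET_DUMPABLE=2 with EINVAL, the
 * vulnerable 2.6.13 to 2.6.17.3 kernels accepted it. Returns 1 if the kernel
 * accepted the value 2 (suspicious), 0 if it refused, -1 if the probe is not
 * available on this platform. The process's previous dumpable flag is restored. */
int probe_dumpable2(void)
{
#ifdef __linux__
    int old = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (old < 0)
        return -1;
    int rc = prctl(PR_SET_DUMPABLE, 2, 0, 0, 0);
    int accepted = (rc == 0);
    if (!accepted && errno != EINVAL)
        accepted = 0;                 /* any other failure also means "not accepted" */
    prctl(PR_SET_DUMPABLE, old, 0, 0, 0);   /* restore; failure is harmless here */
    return accepted;
#else
    return -1;
#endif
}

int main(void)
{
    /* Constructed sample versions; 2.6.16.18 and 2.6.8 come from the advisory. */
    const char *samples[] = {"2.6.8", "2.6.16.18", "2.6.16.24", "2.6.17.3", "2.6.17.4"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s %s\n", samples[i],
               kver_affected(samples[i]) ? "inside affected range" : "not in range");

#ifdef __linux__
    struct utsname u;
    if (uname(&u) == 0)
        printf("running %s: %s\n", u.release,
               kver_affected(u.release) ? "inside affected range" : "not in range");
#endif
    int p = probe_dumpable2();
    printf("PR_SET_DUMPABLE=2 probe: %s\n",
           p == 1 ? "ACCEPTED (kernel still has the unfixed behaviour)" :
           p == 0 ? "rejected (fixed behaviour)" : "not available on this platform");
    return 0;
}
```

The version check tells you whether uname -r is in the ranges the advisory names; the prctl probe tells you what the kernel actually does, which is the answer that matters on a distribution kernel with a backported fix.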



If you run Linux, make sure you swap out the kernels above to something newer and less "holey". You may also want to check out OpenBSD or FreeBSD if you no longer want to sleep with one eye open monitoring security advisories (yes, that's a very lame troll, no OS is 100% secure, and so forth).

More information








Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.