[Owasp-Recife] Fwd: [owasppb] Vulnerability in recent Linux kernels offers root rights

Caio Dias caio.dias at owasp.org
Mon Mar 4 14:40:33 UTC 2013


---------- Forwarded message ----------
From: *Noilson Caio*
Date: Monday, February 25, 2013
Subject: [owasppb] Vulnerability in recent Linux kernels offers root rights
To: infrarn at googlegroups.com
Cc: owasppb at googlegroups.com, owasp-natal at lists.owasp.org



  [image: Security Tux] An error in the handling of special netlink
messages in the Linux kernel can allow a user to surreptitiously gain root
privileges. The discoverer of the hole, Mathais Krause, confirmed to *The H*'s
associates at heise Security that Linux kernel versions 3.3 to 3.8 are
affected. These are used by, among other things, Fedora 17, 18 and
Ubuntu 12.10. Red Hat <https://bugzilla.redhat.com/show_bug.cgi?id=915052>and
SUSE <http://seclists.org/oss-sec/2013/q1/428> are unaffected as they have
not ported the code in question back to the older kernels their
distributions are based on.

Netlink <http://en.wikipedia.org/wiki/Netlink> is used for communication
between processes in userland and kernel (AF_NETLINK). With an
appropriately crafted message, a local user without administrative
privileges can gain control of a system. First exploits that will do this
are already circulating on the net. A patch for Linux
systems<http://news.gmane.org/group/gmane.linux.network/thread%3D260061/force_load%3Dt>is
already on its way. The crucial element of this flaw is that the
otherwise useful defensive restriction
mmap_min_addr<http://wiki.debian.org/mmap_min_addr>is not effective
because the erroneous access is to an address which is
above this threshold and in userspace.

(djwm <javascript:_e({}, 'cvml', 'djwm at h-online.com');>)


-- 
Noilson Caio Teixeira de Araújo
http://ncaio.wordpress
<http://ncaio.ithub.com.br>.com.br<http://ncaio.ithub.com.br>
http://br.linkedin.com/in/ncaio
http://www.commandlinefu.com/commands/by/ncaio
http://www.dicas-l.com.br/autores/noilsoncaioteixeiradearaujo.php

-- 

---
Você está recebendo esta mensagem porque se inscreveu no grupo "OWASP
Paraíba" dos Grupos do Google.
Para cancelar a inscrição neste grupo e parar de receber seus e-mails,
envie um e-mail para
owasppb+unsubscribe at googlegroups.com<javascript:_e({}, 'cvml',
'owasppb%2Bunsubscribe at googlegroups.com');>
.
Para obter mais opções, acesse https://groups.google.com/groups/opt_out.





-- 
Caio Dias
<https://about.me/caiodias> https://about.me/caiodias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-recife/attachments/20130304/f6681d6e/attachment.html>


More information about the Owasp-recife mailing list