Linux Kernel Vunerability

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help

Linux Kernel Vunerability

Postby pete284 on Fri Feb 15, 2008 5:10 pm

The Register has reported :

A major security vulnerability in the Linux kernel, which was revealed on Sunday, has claimed its first confirmed UK victim in business ISP Claranet.

Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers' index.html files with the hacker's calling card.

The exploit was noticed at about 6pm on Tuesday.

Claranet said: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.

"The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February."

The (potentially tricky) hacking process was dumbed down by the publication of exploit code earlier this week, Linux-Watch notes.

Security notification firm Secunia reports that switching to either version 2.6.23.16 or 2.6.24.2 of the Linux kernel guards against attack. Hotfixes designed to plug the vulnerability short of upgrading the kernel have also been released.

The affected system call first appeared in version 2.6.17 of the Linux kernel, but wasn't left open to exploit until changes were made with the 2.6.23 version.

Linux vendors are working on a permanent fix for the problem. Claranet emphasised that it keeps a close eye on announcements of new vulnerabilities and acts swiftly to patch them.


Apparently other forums report Ubuntu sent out a patch on 13th Feb
User avatar
pete284
Level 1
Level 1
 
Posts: 36
Joined: Sun Jan 06, 2008 11:04 am
Location: Wrexham, Wales, UK

Linux Mint is funded by ads and donations.
 

Re: Linux Kernel Vunerability

Postby Husse on Sat Feb 16, 2008 10:52 am

The affected system call first appeared in version 2.6.17 of the Linux kernel, but wasn't left open to exploit until changes were made with the 2.6.23 version.

As we have 2.6.22 we're probably safe
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Linux Kernel Vunerability

Postby clem on Sat Feb 16, 2008 3:52 pm

You can get the Ubuntu patches in mintUpdate:

- open the preferences.
- make level 5 visible.
- sort the list of updates by level to see the kernel (level 5).
- clear the list to have nothing selected.
- select the kernel (linux-image-...)
- click install updates
- go back to preferences and make level 5 invisible again.

Now, before you do that... make sure you know why you're doing it. If you're a home user, behind a physical router + ISP (NAT and all) and you've been using kernel modules (nvidia drivers, restricted manager for wifi, virtualbox..etc..) you probably:

1- don't care about hackers.
2- do care about the stability of your system.

so in this case, don't bother upgrading. Things work now, will they work as well then?

If you're on standard hardware and exposed on the Internet (a server for instance) then you'll probably want to take the update.

It's up to you basically ;)

Clem
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5566
Joined: Wed Nov 15, 2006 8:34 am

Re: Linux Kernel Vunerability

Postby Husse on Sat Feb 16, 2008 4:08 pm

And I point this out again
As we have 2.6.22 we're probably safe

I think you can skip probably
Clem I'm not bashing you :) just driving home the fact that we're safe
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Linux Kernel Vunerability

Postby clem on Sat Feb 16, 2008 8:17 pm

No problem at all :wink:
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5566
Joined: Wed Nov 15, 2006 8:34 am

Re: Linux Kernel Vunerability

Postby linuxviolin on Mon Feb 18, 2008 10:31 am

Husse wrote:I think you can skip probably

No you should not skip this kernel update!

Husse wrote:As we have 2.6.22 we're probably safe

No, "the problem affects only kernels 2.6.17 and newer" and for Ubuntu the exploit is confirmed for Gutsy (2.6.22-14-generic), Hardy (2.6.24), Feisty. Importance: high
See here or here (
A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:
Details follow:

Wojciech Purczynski discovered that the vmsplice system call did
not properly perform verification of user-memory pointers. A local
attacker could exploit this to overwrite arbitrary kernel memory
and gain root privileges. (CVE-2008-0600)
)

You can read here for more explications on this vmsplice problem.

When the word of this problem first came out, it was thought to only affect 2.6.23 and 2.6.24 kernels (...) In fact, the vulnerability was the result of a different problem - and it is a much worse one, in that kernels all the way back to 2.6.17 are affected. At this point, a large proportion of running Linux systems are vulnerable.


Ubuntu 6.10/7.04/7.10 patched it on Feb. 12.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
User avatar
linuxviolin
Level 8
Level 8
 
Posts: 2055
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Re: Linux Kernel Vunerability

Postby jdhore on Mon Feb 18, 2008 1:59 pm

Hate to say this, but before Ubuntu pushed out the patch, Mint WAS vulnerable...I know because i ran the exploit on 2 of my Mint systems and it succeeded.
jdhore
Level 1
Level 1
 
Posts: 35
Joined: Thu Nov 15, 2007 10:57 pm

Re: Linux Kernel Vunerability

Postby clem on Mon Feb 18, 2008 2:54 pm

Related kernel patches were moved from Level 5 to Level 3.

Clem.
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5566
Joined: Wed Nov 15, 2006 8:34 am

Re: Linux Kernel Vunerability

Postby NoClue! on Mon Feb 18, 2008 3:15 pm

Will this break my nvidia and vbox drivers?
User avatar
NoClue!
Level 3
Level 3
 
Posts: 163
Joined: Sun Apr 01, 2007 1:51 am
Location: Chicago

Re: Linux Kernel Vunerability

Postby clem on Mon Feb 18, 2008 3:32 pm

You tell us :lol: :lol:

Since it's the same kernel I very much doubt so. But if it does please tell us immediately so we put this back to level 5. You know my position when it comes to stability vs security.

Clem.
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5566
Joined: Wed Nov 15, 2006 8:34 am

Re: Linux Kernel Vunerability

Postby NoClue! on Mon Feb 18, 2008 4:09 pm

Well, since Clem put me up to the challenge I took the kernel updates, did a restart and everything works fine. Safe and secure again. hehehe
User avatar
NoClue!
Level 3
Level 3
 
Posts: 163
Joined: Sun Apr 01, 2007 1:51 am
Location: Chicago

Re: Linux Kernel Vunerability

Postby WoodCAT on Mon Feb 18, 2008 11:44 pm

I'm glad to report, that my machine running ATI restricted drives+xgl+compiz-fusion survived well too. :-)
User avatar
WoodCAT
Level 1
Level 1
 
Posts: 36
Joined: Mon Sep 10, 2007 9:34 am
Location: Breslau,Canada

Re: Linux Kernel Vunerability

Postby pete284 on Tue Feb 19, 2008 6:11 am

I've updated the kernel and everything works fine for me too (I'm using the unrestricted drivers)
User avatar
pete284
Level 1
Level 1
 
Posts: 36
Joined: Sun Jan 06, 2008 11:04 am
Location: Wrexham, Wales, UK

Re: Linux Kernel Vunerability

Postby Husse on Tue Feb 19, 2008 8:04 am

I feel a bit guilty here - but it was stated as above in the official announcement I was told
Sorry to have misinformed - will change the newsletter too
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Linux Kernel Vunerability

Postby akshunj on Tue Feb 19, 2008 10:21 am

Has anyone realized that kernel updates are showing up in mintUpdate as Level 3 - Safe to Install? I've attached a screenshot. Not sure what happened, but I NEVER do kernel updates and I almost screwed myself into a driver re-compiling nightmare. FYI...

--Akshun J

mintUpdate.png
screenshot showing kernel updates as safe - Level 3
mintUpdate.png (98.24 KiB) Viewed 2836 times
User avatar
akshunj
Level 3
Level 3
 
Posts: 151
Joined: Wed Feb 21, 2007 11:24 am
Location: Atlanta, GA

Re: Linux Kernel Vunerability

Postby clem on Tue Feb 19, 2008 2:01 pm

Yes, these particular versions of the kernel were moved to Level 3 (see above in the thread).

Clem
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5566
Joined: Wed Nov 15, 2006 8:34 am

Re: Linux Kernel Vunerability

Postby akshunj on Tue Feb 19, 2008 4:56 pm

clem wrote:Yes, these particular versions of the kernel were moved to Level 3 (see above in the thread).

Clem


Sorry, I wasn't reading as thoroughly as I should. It looks like this upgrade won't break drivers. Very nice. Thanks!

--Akshun J
User avatar
akshunj
Level 3
Level 3
 
Posts: 151
Joined: Wed Feb 21, 2007 11:24 am
Location: Atlanta, GA

Re: Linux Kernel Vunerability

Postby rootkowski on Fri Feb 22, 2008 4:42 am

Hi!

I heard the news some time ago but I thought i didn't have to bother since I'm behind a router. Anyway, I might just as well go and install the upgrade, but... I don't know if it is only the linux-image package that is required or should I install linux-headers as well (or maybe anything else too?).

Thanx!
rootkowski
Level 3
Level 3
 
Posts: 110
Joined: Tue Jun 26, 2007 5:06 am
Location: Wirral, UK

Re: Linux Kernel Vunerability

Postby Husse on Fri Feb 22, 2008 8:32 am

It's only some headers
And it's only if you have more than one user that something bad could happen
But on the other hand we all have at least two users - root and the "Superuser"
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Linux Kernel Vunerability

Postby rootkowski on Fri Feb 22, 2008 9:48 am

Husse wrote:It's only some headers
And it's only if you have more than one user that something bad could happen
But on the other hand we all have at least two users - root and the "Superuser"


Sorry, I don't really understand. When I mark linux-image synaptic doesn't tell me to install anything else, but that feels quite wrong. So I attach a picture of the upgradable kernel packages and if you could tell me what is necessary and useful.

Image

Thanks!
rootkowski
Level 3
Level 3
 
Posts: 110
Joined: Tue Jun 26, 2007 5:06 am
Location: Wirral, UK

Linux Mint is funded by ads and donations.
 
Next

Return to Newbie Questions

Who is online

Users browsing this forum: curt, jimallyn and 26 guests