“The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution… doesn’t properly implement that protection… The… bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. … [Spengler] said many other Linux users are also vulnerable because they run older versions or are forced to turn off [mmap_min_addr] to run certain types of applications.”
- 6tr6tr wrote, On 11/04/2009 06:46 PM:
> ‘Bug in latest Linux gives untrusted users root access • The Register’
There is most definitely a patched kernel being prepared for the openSUSE versions still supported. Keep an eye on your updater applet.
Don’t panic, it’s a local problem.
cat /proc/sys/vm/mmap_min_addr
**65536**
Looks like we’re safe for the most part.
**The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature.** But to make RHEL compatible with a larger body of applications, that distribution is vulnerable to attack even when the OS shows the feature is enabled, Spengler said.
“They’re putting their users at risk,” he said. “They’re basically the only distribution that’s still vulnerable to this class of attack.”
A Red Hat spokeswoman said patches for the versions 4 and 5 of RHEL and MRG are available here. An update for RHEL 3 is in testing and should be released soon.
He said many other Linux users are also vulnerable because they run older versions or are forced to turn off the feature to run certain types of applications.
What do you mean by “it’s a local problem”?
- 6tr6tr wrote, On 11/05/2009 02:26 AM:
> What do you mean by “it’s a local problem”?
The issue allows local users to gain root rights, AFAIK. Not more. Let’s say you have a desktop install with only one user and no ssh or telnet running, you are pretty safe.
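
An added example, not part of any post in this thread: a shell audit that extends the `cat /proc/sys/vm/mmap_min_addr` check above by also scanning sysctl configuration files for lines that would set the value to 0, the "forced to turn off the feature" case from the quoted article. The function names are made up for this example, and the paths in the `--live` branch are the usual sysctl locations, assumed here.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr. File paths are arguments so the
# functions can be run against constructed files as well as the live system.

# classify_min_addr VALUE -> prints ok | disabled | unknown
classify_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo unknown; return ;;   # missing file or non-numeric
    esac
    if [ "$1" -eq 0 ]; then echo disabled; else echo ok; fi
}

# list_overrides FILE... -> prints "FILE VALUE" for every active
# vm.mmap_min_addr assignment (commented-out lines do not match).
list_overrides() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" |
            while read -r v; do echo "$f $v"; done
    done
}

# audit PROC_FILE [CONF...] -> exit status 0 only if the running value is
# non-zero and no listed config file sets it to 0.
audit() {
    proc=$1; shift
    cur=
    if [ -r "$proc" ]; then cur=$(cat "$proc"); fi
    state=$(classify_min_addr "$cur")
    echo "running value: ${cur:-<unreadable>} ($state)"
    rc=0
    [ "$state" = ok ] || rc=1
    bad=$(list_overrides "$@" | awk '$NF == 0')
    if [ -n "$bad" ]; then
        echo "config files that set it to 0 on the next sysctl load:"
        echo "$bad"
        rc=1
    fi
    return "$rc"
}

# Live check: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit /proc/sys/vm/mmap_min_addr /etc/sysctl.conf /etc/sysctl.d/*.conf
fi
```

A passing result only reflects the sysctl setting; per the article quoted above, RHEL was reported vulnerable even with the feature shown as enabled.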