do_munremap kernel exploit on DESY Linux
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call, caused by a missing check of a function return value. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004, except that it concerns the same internal kernel function code.
Since no special privileges are required to use the mremap(2) system call, any process may use its unexpected behavior to disrupt the kernel memory management subsystem.
Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges. The vulnerability may also lead to a denial-of-service attack on the available system memory.
Kernel versions tested and known to be vulnerable are all <= 2.2.25, <= 2.4.24 and <= 2.6.2. For details, see the advisory by Paul Starzetz.
The only safe method is to install a kernel which has been patched accordingly, or to use version 2.4.25 or later. This may not seem possible on all production systems, or at least not immediately. When using proprietary binary modules along with your kernel (e.g. with VMware), such an upgrade or patch may break compatibility and require further work.
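To triage hosts against the version ranges listed above, the following shell function classifies a kernel release string. It is an added example, not part of the original DESY page or of any DESY tooling; the function name `kernel_status`, its output labels and the sample release strings are constructed for illustration. It compares version numbers only, so a vendor kernel that carries a backported fix under an old version number will still be reported as vulnerable and needs a look at the vendor changelog.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the ranges given in
# this advisory (vulnerable: <= 2.2.25, <= 2.4.24, <= 2.6.2).
# Prints one of: vulnerable | not-in-range | unknown

kernel_status() {
    # Keep only the leading x.y.z; drops vendor suffixes such as "-20.ELsmp".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Highest vulnerable patch level per series, taken from the advisory text.
    case "$major.$minor" in
        2.2) last_bad=25 ;;
        2.4) last_bad=24 ;;
        2.6) last_bad=2 ;;
        *)   echo unknown; return 0 ;;   # series not covered by the advisory
    esac

    if [ "$patch" -le "$last_bad" ]; then
        echo vulnerable
        return 0
    fi

    # A pre-release such as 2.4.25-pre1 predates the final 2.4.25 and may not
    # contain the fix, so the version number alone cannot clear it.
    case "$1" in
        "$ver"-pre*|"$ver"-rc*) echo unknown ;;
        *)                      echo not-in-range ;;
    esac
}

# Constructed sample release strings; on a real host pass "$(uname -r)" instead.
for rel in 2.4.21-20.ELsmp 2.4.25 2.6.3-rc1; do
    printf '%-18s %s\n' "$rel" "$(kernel_status "$rel")"
done
```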
For DESY Linux computers, we are providing the most recent 2.4.25 kernel RPM to fix the bug and will roll it out on Friday, February 20 2004, starting at midnight. The system will be set up to install this kernel at the next reboot (takes less than one minute) and boot again immediately to activate it.
If you do not want this automated upgrade on your computer, please send a message to linux@desy.de containing the hostname(s) and reasons for not applying the upgrade so that we can instruct our configuration management accordingly.
If your computer runs DESY Linux 4 or DESY Linux 5, but does not receive automatic updates via cron (e.g. because the 'ncu' flag is set in the equipment database), you can still run the SALAD card manually by using this command after becoming root on your system:
salad -p SECURITY.KERNEL -root /products/salad/service
The next reboot will then install and activate the new kernel RPM.
To perform a dry run first without actually installing the kernel, use:
salad -p SECURITY.KERNEL -root /products/salad/service -test
Newly installed DESY Linux 4 and DESY Linux 5 systems receive a patched kernel RPM during installation by default, starting Friday, February 20 2004.
Last update: 23. Feb. 2004 | www-it@desy.de