Vulnerability found in Linux kernel
SecurityLab has posted a Linux kernel vulnerability alert that allows a local user to gain root privileges on the system.
The vulnerable vmsplice () system call was introduced for the first time in the 2.6.17 kernel. The vulnerability exists because the functions “vmsplice_to_user ()”, “copy_from_user_mmap_sem ()” and “get_iovec_page_array () of the fs / splice.c file do not check the pointers passed by them using the access_ok () call. The absence of such a check allows a local user to read and write arbitrary data into the kernel’s memory.
Thus, the vulnerability is dangerous because a local non-privileged user who has physical or remote (for example, via ssh) access to the system and correct credentials (including console access - the shell) can get root privileges or crash the system. .
')
All systems with vmsplice () system call support and compiled based on kernel versions from 2.6.17 to 2.6.23.16 and 2.6.24.2 are vulnerable. According to the notifications, the vulnerability does not apply to kernels that use grsecurity patches configured correctly.
SecurityLab set a low hazard rating for the vulnerability because, according to the scale used to assess the risk of the risk of vulnerabilities, all local vulnerabilities present a low hazard rating. This assessment is designed to ensure that the target system is correctly configured (from a security point of view), and there is no possibility of access to it from outside by a remote or unauthorized local user; Local accounts are configured with the correct access privileges, including console access. “strong” passwords are used and the latest updates for the software used are installed. Incorrect, from a security point of view, system configuration itself is a vulnerability and may increase the impact of other vulnerabilities on the system.
To eliminate the vulnerability, you need to download and install the patch available on the website of the manufacturer of your distribution, or rebuild the kernel available on the site www.kernel.org . After installing the patch, you will need to restart the system.
via 3dnews.ru
The vulnerable vmsplice () system call was introduced for the first time in the 2.6.17 kernel. The vulnerability exists because the functions “vmsplice_to_user ()”, “copy_from_user_mmap_sem ()” and “get_iovec_page_array () of the fs / splice.c file do not check the pointers passed by them using the access_ok () call. The absence of such a check allows a local user to read and write arbitrary data into the kernel’s memory.
Thus, the vulnerability is dangerous because a local non-privileged user who has physical or remote (for example, via ssh) access to the system and correct credentials (including console access - the shell) can get root privileges or crash the system. .
')
All systems with vmsplice () system call support and compiled based on kernel versions from 2.6.17 to 2.6.23.16 and 2.6.24.2 are vulnerable. According to the notifications, the vulnerability does not apply to kernels that use grsecurity patches configured correctly.
SecurityLab set a low hazard rating for the vulnerability because, according to the scale used to assess the risk of the risk of vulnerabilities, all local vulnerabilities present a low hazard rating. This assessment is designed to ensure that the target system is correctly configured (from a security point of view), and there is no possibility of access to it from outside by a remote or unauthorized local user; Local accounts are configured with the correct access privileges, including console access. “strong” passwords are used and the latest updates for the software used are installed. Incorrect, from a security point of view, system configuration itself is a vulnerability and may increase the impact of other vulnerabilities on the system.
To eliminate the vulnerability, you need to download and install the patch available on the website of the manufacturer of your distribution, or rebuild the kernel available on the site www.kernel.org . After installing the patch, you will need to restart the system.
via 3dnews.ru
Source: https://habr.com/ru/post/20211/
All Articles