January 05, PC World
There is a critical vulnerability in the code used to manage virtual memory on Linux systems. The vulnerability affects versions of the Linux kernel up to and including version 2.6 and would give low−level Linux users total control over a Linux system. ISEC Security Research said Monday, January 5, that the problem is in kernel code for a component called "mremap," the core of the Linux operating system that provides basic services for all other parts of the operating system such as allocating processor time for the programs running on the computer and managing the system's memory or storage. Attackers could use the vulnerability to create an invalid virtual memory area, which could destabilize the Linux operating system or allow a malicious user to run attack code on the system. Attackers would need local user access to the vulnerable machine, but would not need any special privileges on the Linux system to exploit the hole, ISEC said. ISEC said they have developed test code to exploit the mremap vulnerability. Users should fix vulnerable systems as soon as software patches became available from their vendor.
The original advisory is available here:
http://isec.pl/vulnerabilities04.html
Source:
http://www.pcworld.com/resource/printable/article/0,aid,1140 88,00.asp
There is a critical vulnerability in the code used to manage virtual memory on Linux systems. The vulnerability affects versions of the Linux kernel up to and including version 2.6 and would give low−level Linux users total control over a Linux system. ISEC Security Research said Monday, January 5, that the problem is in kernel code for a component called "mremap," the core of the Linux operating system that provides basic services for all other parts of the operating system such as allocating processor time for the programs running on the computer and managing the system's memory or storage. Attackers could use the vulnerability to create an invalid virtual memory area, which could destabilize the Linux operating system or allow a malicious user to run attack code on the system. Attackers would need local user access to the vulnerable machine, but would not need any special privileges on the Linux system to exploit the hole, ISEC said. ISEC said they have developed test code to exploit the mremap vulnerability. Users should fix vulnerable systems as soon as software patches became available from their vendor.
The original advisory is available here:
http://isec.pl/vulnerabilities04.html
Source:
http://www.pcworld.com/resource/printable/article/0,aid,1140 88,00.asp