
Red Hat, Ubuntu, and Arch Linux patch Linux kernel exploit

Jan 24, 2012 — by Eric Brown — from the LinuxDevices Archive

[Updated: Jan. 25] — Red Hat, Canonical, and Arch Linux have released patches for a vulnerability in Linux kernels 2.6.39 and above that enables attackers to gain root access on a system. Proof-of-concept exploit code was posted last week after “CVE-2012-0056” was exposed — thanks to Linus Torvalds announcing a kernel patch before Linux distro projects had had time to apply it.

A kernel patch submitted on Jan. 17 by Linux overseer Linus Torvalds, designed to repair a privilege escalation vulnerability, quickly spawned the publication of proof-of-concept exploit code. The patch was publicized before Linux distro projects had time to apply their own patches — leaving any distro with Linux kernels 2.6.39 and above vulnerable to root access exploits.

Since then, Canonical (which sponsors the Ubuntu project) and Red Hat moved quickly to release their respective distro patches to address the problem, according to a story on The H as well as an IDG News report.

The kernel vulnerability, first noticed by Jüri Aedla, is caused by a failure of the Linux kernel to properly restrict access to a memory operations file, according to Lucian Constantin, writing on IDG News. The vulnerability was said to have been introduced in March 2011, and affects versions 2.6.39 and above. (That would include Linux kernels 3.0, which brought the kernel into the 3.x generation, as well as Linux 3.1 and the most recent Linux 3.2, which was announced earlier this month.)

When Torvalds announced the submission of the patch on the Linux kernel.org repository, hackers quickly pounced on the newly available information about CVE-2012-0056 before the Linux distribution vendors had a chance to apply a patch. On Jan. 22, security researcher and programmer Jason A. Donenfeld posted a proof-of-concept exploit called "mempodipper," and then published an in-depth technical overview.

The exploit manipulates the virtual working memory of a setuid root program such as su, thereby giving "a regular user of a Linux system root privileges," according to The H. Mempodipper appears to primarily be limited to Fedora or Gentoo, however, according to IDG News.

Exploit migrates to Android 4.0

Donenfeld's explanation inspired other hackers to post additional exploits, according to Constantin. These were said to include an exploit from iPhone jailbreak specialist ("Cydia") Jay Freeman, also known as "saurik." Freeman quickly posted a mempodipper-derived local root exploit for Android 4.0 called mempodroid.

Among the Linux distros, meanwhile, the Ubuntu 11.10 patch and Red Hat SystemTap script fix have reached users. Arch Linux developer Dieter Plaetinck has informed us that the Arch team has posted its own fix, as seen here and here. The packages have already been shipped to Arch Linux users, he added.

No doubt, many more patches are on the way.

Last August, attackers compromised several servers at kernel.org using an off-the-shelf Trojan that entered via a compromised user credential. The attacks took the kernel.org sites down for several weeks, delaying Linux 3.1 in the process, but did not appear to affect the source code for the Linux kernel.



This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.