Red Hat, Ubuntu and other Linux vendors have patched two flaws in the kernel that allowed users with low-level local access to gain control of a 64-bit Linux system.
The bugs were originally patched in 2007, with the release of kernel version 2.6.22.7, but sometime during the following months developers inadvertently removed the patch, according to Ben Hawkes, who discovered the flaws.
“I showed this to my friend Robert Swiecki who had written an exploit for the original bug in 2007, and he immediately said something along the lines of, ‘well this is interesting’. We pulled up his old exploit from 2007, and with a few minor modifications to the privilege escalation code, we had a root shell,” Hawkes wrote in an advisory last week.
Kernel developers quickly developed a fix and Red Hat released its patches on Tuesday. Red Hat ranked both bugs as “important”. Red Hat’s advisories for the patches can be found here and here.
“On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges,” Red Hat said in its advisories.
Independent security vendor Secunia gave the flaws a “less critical” ranking because only local users with existing accounts could exploit the bugs.