27-02-04 13:19
U opticaju exploit za ranjivost mremap() funkcije linuxova kernela
piše ACO DMITROVIĆ
Australski CERT javlja da su od 24. veljače u opticaju barem tri verzije koda koji koristi najnoviju ranjivost linuxove jezgre. Zamijećena je pojačana "napadačka aktivnost", koja govori u prilog ovakvoj tvrdnji.
Greška u sistemskoj funkciji mremap() omogućuje lokalnom korisniku da poveća svoje privilegije. Dakle propust može iskoristiti samo netko tko već ima svoj (ili tuđi :) korisnički račun na računalu.
Jedini je lijek instalacija nove verzija kernela. Naši paketaši izdali su novi kernel-cn, zasnovan na kodu verzije 2.4.25 s grsecurity pojačanjima. Ranjivost je ozbiljna, stoga ne treba čekati s instalacijom nove jezgre.
CARNetov CERT prenio je Debianovo upozorenje od 18.2.2004.:
http://www.cert.hr/advs.php?id=2906
AusCERT je objavio niz savjeta vezanih uz ovu ranjivost:
ESB-2004.0154 -- Debian Security Advisory DSA 444-1 -- New Linux 2.4.17
packages fix local root exploit (ia64)
http://www.auscert.org.au/3885
ESB-2004.0152 -- Debian Security Advisory DSA 442-1 -- New Linux 2.4.17
packages fix local root exploits and more (s390)
http://www.auscert.org.au/3883
ESB-2004.0141 -- RHSA-2004:066-01 -- Updated kernel packages fix security
vulnerability
http://www.auscert.org.au/3872
ESB-2004.0139 -- RHSA-2004:069-01 -- Updated kernel packages fix security
vulnerability
http://www.auscert.org.au/3870
ESB-2004.0138 -- SSA:2004-049-01 -- Kernel security update
http://www.auscert.org.au/3869
ESB-2004.0137 -- Debian Security Advisory DSA 441-1 -- New Linux 2.4.17
packages fix local root exploit (mips+mipsel)
http://www.auscert.org.au/3868
ESB-2004.0136 -- Debian Security Advisory DSA 440-1 -- New Linux 2.4.17
packages fix several local root exploits (powerpc/apus)
http://www.auscert.org.au/3867
ESB-2004.0135 -- Debian Security Advisory DSA 439-1 -- New Linux 2.4.16
packages fix several local root exploits (arm)
http://www.auscert.org.au/3866
ESB-2004.0131 -- RHSA-2004:065-01 -- Updated kernel packages resolve
security vulnerabilities
http://www.auscert.org.au/3862
ESB-2004.0130 -- Debian Security Advisory DSA 438-1 -- New Linux 2.4.18
packages fix local root exploit (alpha+i386+powerpc)
http://www.auscert.org.au/3861
ESB-2004.0047 -- Debian Security Advisory DSA 423-1 -- New Linux 2.4.17
packages fix several problems (ia64)
http://www.auscert.org.au/3757
Evo linka na još dva izvora informacija:
Linux kernel patch fixes memory management vulnerability
http://securecomputing.stanford.edu/alerts/linux-mremap-19feb2004.html
Linux kernel do_mremap VMA limit local privilege escalation vulnerability
http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
|
