Tricky Linux Bug Hard to Squash
If you run a 64-bit version of Linux, take note: your system may be vulnerable to attack. Red Hat recently announced an exploit that would allow a local, unprivileged user to escalate their privileges, and while there are published workarounds, they may not completely plug the security hole.
"The published workarounds that we've seen, including the workaround recommended by Red Hat, can themselves be worked around by an attack to still exploit the system," Jeff Arnold, CEO of Ksplice, said in a blog post. "For now, to be responsible and avoid helping attackers, we don't want to provide those technical details publicly; we've contacted Red Hat and other vendors with the details and we'll cover them in a future blog post, in a few weeks."
In the meantime, Ksplice -- which isn't a free service, but does offer a free trial -- can be used to receive advance notice of upcoming patches.
"Although it might seem self-serving, I do know of one sure way to fix this vulnerability right away on running production systems, and it doesn’t even require you to reboot: you can (for free) download Ksplice Uptrack and fully update any of the distributions that we support (We support RHEL, CentOS, Debian, Ubuntu, Parallels Virtuozzo Containers, OpenVZ, and CloudLinux," Arnold explains. "For high profile updates like this one, Ksplice optionally makes available an update for your distribution before your distribution officially releases a new kernel). We provide a free 30-day trial of Ksplice Uptrack on our website, and you can use this free trial to protect your systems, even if you cannot arrange to reboot anytime soon. It’s the best that we can do to help in this situation, and I hope that it’s useful to you."
Keep in mind that if an attacker has already compromised one of your Linux rigs, updating the system won't do a lick of good by itself since the exploit installs a backdoor. You can use this test tool to find out for sure.

Image Credit: penondelaguila.com.ar
Comments
PCLinuxguy
September 21, 2010 at 5:19pm
Wait.. so it's only for the local user, meaning someone at your workstation, not via the web like most hackers who send malware? I'm just trying to figure that out as I'm still a Linux newb though not afraid to ask questions.
dgrmouse
September 21, 2010 at 11:40am
Pawbear,
No, you're not correct.
Every Tuesday, Windows Update asks me to download at least two patches to correct security holes that allow compromise from unauthenticated remote computers. A single, soon to be patched, Linux flaw that allows privilege escalation via an authenticated local host isn't newsworthy, it's simply a marketing opportunity.
whr4usa
September 21, 2010 at 12:57pm
dgrmouse it is in fact you whom are incorrect
UNauthenticated local user not authenticated & there are many ways to make remote users appear local or to gain legitimate or socially-engineered access to real local user accounts via other means
also even with the record-setting patch releases from our beloved Microsoft over the summer only 1 dealt with an unauthenticated remote attacker on vista, none on 7, so you must still be using 32-bit XP & not keep your system well-hardened
BAMT
September 21, 2010 at 1:51pm
That really doesn't make sense unless there is a series of keystrokes that one can type in to a login prompt and gain root access, or a flash drive like device that can bypass a login prompt or lock screen (cough Windows + FireWire). It's authenticated unprivileged access that can be used to elevate to root, thus one must have a local account. So he is right.
Edit: Plus, when you try to sound superior, it REALLY helps to use proper grammar. It should be, "who are correct." Sorry, I have grammar problems.
leo655
September 21, 2010 at 7:12am
Has Linux become a mainstream OS now that it has been attacked?
I Jedi
September 21, 2010 at 7:20am
So, you're suggesting that in order for any OS to become a mainstream choice for users, it has to first be hacked/exploited? Well, my friend, Linux has been a mainstream OS for a very long time now then, as well as that worthless excuse for an OS - OSX
PawBear
September 21, 2010 at 6:47am
Am I correct in saying that this is not only a significant commercial issue but a serious infrastructure concern as well?