Vulnerabilities In Linux Allow Root Privileges


Recommended Posts

16 April 2009, 11:15

Vulnerabilities in Linux allow root privileges

According to a number of Linux distributors, a bug in the udev service under Linux can be exploited to obtain root privileges. The kernel uses udev to dynamically create device-specific files and folders (/dev/) for input and output, so that only devices which are actually connected appear in /dev. udev is not a direct component of the Linux kernel, but is included and activated by default in almost all Linux distributions which use 2.6 series kernels.

By sending crafted Netlink messages to udev, an attacker can create a globally writable block device file for an existing block device – including, according to Fedora, the root file system. By manipulating or creating files, this can reportedly be exploited to obtain root privileges.

The bug was discovered by Sebastian Krahmer from the SUSE Security Team, who found a further vulnerability in udev in the process in the form of an integer overflow in a function for decoding the path. This bug can also reportedly be exploited for a heap overflow. At present, however, it is clear only that the second bug can be used to crash udev. The Fedora team does not rule out the possibility that a user logged onto the system (locally or remotely) could exploit it to obtain root privileges. The Linux distributors have either already released or are currently preparing updated packages that address the vulnerability.

Heise - http://www.h-online.com/security/Vulnerabi...s--/news/113081

>>>>>>>>>>>>>>>>>

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...