Linux kernel vuln reloaded

Escalation of privileges

Security researchers have discovered a potentially serious security vulnerability within a Linux kernel memory management module.

The vulnerability is not remotely executable but it does allow privilege escalation. A hacker who obtains access to a local PC could be able to root a box.

At fault is a bug with the mremap(2) system sub-process, which was subject to an unrelated (but also significant) security problem a few weeks ago.

At risk this time around are versions of the Linux kernel from 2.2 up to and including 2.2.25; 2.4 up to and including 2.4.24; 2.6 up to and including 2.6.2.

Exploitation of the latest flaw is straightforward, according to Polish white hat hackers iSec, which unearthed both problems. But don't get too alarmed - there's no evidence that the vuln has been used in anger.

Users should patch all vulnerable systems as soon as appropriate vendor patches are released. Debian, for example, put out an update on the same day as iSec's advisory on Saturday (6 March). ®

Related Stories

Linux kernel security vuln fixed
Linux kernel backdoor blocked
Linux worm attempts to take over insecure servers

Sponsored: 5 critical considerations for enterprise cloud backup