About
Welcome to Free Software Daily (FSD). FSD is a hub for news and articles by and for the free and open source community. FSD is a community-driven site where members of the community submit and vote for the stories that they think are important and interesting to them.
On July 16, Brad Spengler disclosed an easily-exploitable kernel vulnerability based on getting the kernel to dereference a null pointer. This security hole affected a version of the kernel which had not been widely distributed, so it was a problem for relatively few users, but it highlighted a class of problems which was sure to be seen again.
We think that it's important for developers and system administrators to be more knowledgeable about the attacks that black hats regularly use to take control of systems, and so, today, we're going to start from where we left off and go all the way to a working exploit for a NULL pointer dereference in a toy kernel module.
Brad Spengler, the developer behind the Grsecurity project, has published an exploit for a vulnerability in the Tun interface in Linux kernel 2.6.30 and 2.6.18, used in Red Hat Enterprise Linux 5 (RHEL5), which can be exploited by attackers to obtain root privileges. Of particular interest is the fact that the exploit is even able to circumvent security extensions such as SELinux.
On August 14th, I wrote about a Linux NULL security flaw affecting all Linux vendors. Linux founder Linus Torvalds had a patch for the kernel the same day, but how long did it take the big enterprise vendors?
Today, Tor Braham took the stand again in the SCO v. Novell trial in Utah, and SCO had a chance to cross examine him. He said something interesting, that he remembers a lot about the APA, because it was a very significant deal, one that he knew at the time was important, because it would affect the future of Unix. It explains why after all these years he still has the drafts, don't you think?
By now, most readers will be familiar with the local kernel exploit recently posted by Brad Spengler. This vulnerability, which affects the 2.6.30 kernel (and a test version of the RHEL5 "2.6.18" kernel), is interesting in a number of ways. This article will look in detail at how the exploit works and the surprising chain of failures which made it possible.
I told you already of the French Remaster I made for my 82-year-old neighbor (read it here). Well, I knew it was only a matter of time before his Win2K would run into trouble.
Over at Linux Magazine Online, Jon "maddog" Hall writes that on Friday the 13th, 2009 at 11:31:30pm UTC, UNIX time will reach 1,234,567,890. This will be Friday, February 13th at 1831 and 30 seconds EST.