July 17, 2006

Quite a serious situation for the Linux kernel: right after the exploit that was used to break into a Debian server was known to have been patched by major distro makers, another Day Zero kernel vulnerability had to be patched! It seems that the Linux kernel is having more and more local privilege escalation vulnerabilities lately (source). Click on to read more… After gluck.debian.org was compromised on July 12 using a local privilege escalation vulnerability in the Linux kernel (the intruder had access to the server using a compromised developer account), the security of the latest linux kernels was somehow questioned.

As it seems, the bug that was exploited is CVE-2006-2451. Vulnerable kernels:

This was fixed on July 7th in RHEL4, July 8th in CentOS4.3, July 10th in rPath, July 12th in Ubuntu, July 15th in Fedora.

Suggestions on how to avoid being vulnerable, even without updating your kernel: disable corefiles.

This is not funny: right after that, a new kernel vulnerability was discovered (CVE-2006-3626), involving the /proc filesystem.

It was announced that the kernel 2.6.17.5 fixes the /proc issue, but a little too harshly. Less than one day later, 2.6.17.6 fixed it properly.