‘Critical’ Linux kernel bugs discovered
A critical update has been released for the open source operating system Linux. Researchers have discovered a new vulnerability in the kernel that affects all recent versions released in the last eight years (2.4 and 2.6 kernels).
Julien Tinnes writes on his blog that:
The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don’t check for NULL pointers before dereferencing operations in the ops structure. Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of NULL pointers.
At first sight, the code in af_ipx.c looks correct and seems to initialize .sendpage properly. However, due to a bug in the SOCKOPS_WRAP macro, sock_sendpage will not be initialized. This code is very fragile and there are many other protocols where proto_ops are not correctly initialized at all (vulnerable even without the bug in SOCKOPS_WRAP), see bluetooth for instance.
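The defensive pattern behind the passage quoted above, shown as an added example (not code from the kernel or from Julien Tinnes's post). It is a userland C model in which every name (model_proto_ops, model_sock_sendpage, model_register_ops and the sample tables) is hypothetical: the call site checks the slot before calling through it, and registration rejects a table that still has an empty slot.

```c
#include <errno.h>
#include <stddef.h>
/* Userland model only: all names are hypothetical, not kernel code. */
struct model_sock;
typedef int (*sendpage_fn)(struct model_sock *, const void *, size_t);
struct model_proto_ops {
    const char *family;
    sendpage_fn sendpage;   /* stays NULL if the protocol never sets it */
};
struct model_sock { const struct model_proto_ops *ops; };

/* Stub for an unavailable operation: an error, never a NULL slot. */
static int model_no_sendpage(struct model_sock *s, const void *p, size_t n)
{
    (void)s; (void)p; (void)n;
    return -EOPNOTSUPP;
}

/* A protocol that does implement the operation (pretends to send n bytes). */
static int model_stream_sendpage(struct model_sock *s, const void *p, size_t n)
{
    (void)s; (void)p;
    return (int)n;
}

/* Constructed sample tables: implemented, stubbed, and left uninitialised. */
const struct model_proto_ops ops_stream = { "stream", model_stream_sendpage };
const struct model_proto_ops ops_stub   = { "dgram",  model_no_sendpage };
const struct model_proto_ops ops_broken = { "broken", NULL };

/* Call-site check: fall back to the stub instead of calling through NULL. */
int model_sock_sendpage(struct model_sock *s, const void *p, size_t n)
{
    if (s == NULL || s->ops == NULL)
        return -EINVAL;
    if (s->ops->sendpage == NULL)
        return model_no_sendpage(s, p, n);
    return s->ops->sendpage(s, p, n);
}

/* Registration-time check: refuse a table that has an empty slot. */
int model_register_ops(const struct model_proto_ops *ops)
{
    return (ops != NULL && ops->sendpage != NULL) ? 0 : -EINVAL;
}
int main(void)
{
    struct model_sock s = { &ops_broken };
    return model_sock_sendpage(&s, "x", 1) == -EOPNOTSUPP ? 0 : 1;
}
```

Either check alone closes the gap in this model; using both means a table that slips past registration still cannot reach a NULL call.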
This is the second time in less than one month that a serious vulnerability has been found in the Linux kernel. Recently, in mid-July, Brad Spengler of grsecurity posted an exploit for a bug in kernel versions 2.6.30 and 220.127.116.11 that can lead to a full compromise of the box.
You can find more details about this vulnerability here, while patching information is available over here.