Sukhdeep Singh
Host4Cheap.org
Feb. 11, 2008
Security, the experts like to tell us, is a process, not a product.
With open source that can be a very good thing, since security problems can be fixed quickly once they are found. That was the case over the past weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in Linux kernels from 2.6.17 through the most recent production kernel, 2.6.24.1.
The problem's exploit was first shown on the security site Milw0rm. The specific trouble is with the kernel system call sys_vmsplice.
This system call moves data from a user-space memory address range via a pipe to another destination. Like its relations splice, which reads and writes data to and from the buffer, and tee, which is commonly used to display a program's output and send it into a file, it is a data transfer system call. It is primarily used in virtual memory management. Thus, in and of itself, end users will never directly encounter it.
However, thanks to the release of exploit code, a user with just a bit of knowledge of how to compile his or her own program in Linux will be able to exploit a server. On Linux versions that use these kernels with this system call compiled in, the bug enables ordinary users with shell access to obtain root (superuser) privileges. The security hole has been demonstrated in Debian, Fedora and Ubuntu.
Source: www.linux-watch.com/news/NS8844914464.html
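
As an added example (not part of the article or of any distribution's tooling), an administrator could triage hosts against the version range the article gives, 2.6.17 through 2.6.24.1, with a shell check like the one below. The function names are hypothetical and the sample release strings are constructed; a distribution kernel can carry the fix without changing its base version, so a match means "confirm the vendor update is installed", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: flag kernel releases inside the range the article names
# (2.6.17 through 2.6.24.1). Function names are hypothetical.

# Turn a release string such as "2.6.24.1-19-generic" into a sortable
# 13-digit key: a leading 1, then four 3-digit fields (missing fields = 0).
# Assumes version fields have no leading zeros, as kernel releases do not.
kernel_key() {
    ver=${1%%[!0-9.]*}      # cut at the first char that is not a digit or dot
    old_ifs=$IFS; IFS=.
    set -- $ver             # split "2.6.24.1" into $1..$4
    IFS=$old_ifs
    printf '1%03d%03d%03d%03d' "${1:-0}" "${2:-0}" "${3:-0}" "${4:-0}"
}

# Return 0 (true) when the release lies within 2.6.17 .. 2.6.24.1 inclusive.
in_vmsplice_range() {
    k=$(kernel_key "$1")
    [ "$k" -ge "$(kernel_key 2.6.17)" ] && [ "$k" -le "$(kernel_key 2.6.24.1)" ]
}

report() {
    if in_vmsplice_range "$1"; then
        echo "$1: in affected range, confirm the vendor fix is installed"
    else
        echo "$1: outside 2.6.17 - 2.6.24.1"
    fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 2.6.16.60 2.6.17 2.6.22-14-generic 2.6.24.1 2.6.24.2; do
    report "$r"
done
report "$(uname -r)"
```
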