
Multiple Linux flaws show that Linux also has kernel issues

Bookmark History

Saved by 1 people (0 private), first by anonymouse user on 2008-05-03


Public Sticky notes

Not to defend Microsoft, as kernel exploits that provide privileged access are
terrible flaws, but we had an interesting discussion in the talkbacks where
several people acted as if Microsoft was the only place that could’ve made such
mistakes. Well, the proof is in the pudding that this is a common flaw across
operating systems that is difficult to catch due to the complexities of kernel
code.

Highlighted by moshler

Dann Frazier of Debian posted to Full Disclosure today about four
vulnerabilities that allow local attacks against the kernel that result in
arbitrary code execution or Denial of Service conditions. (Local means you
can’t do it over the Internet unless you’ve already compromised a user account
remotely in some way; it does not mean you have to sit at the box physically.
The same applied to the Windows flaw that I spoke of, where there were
questions around what exactly local meant.) The contents of his email are
posted below:

CVE-2007-6694
Cyrill Gorcunov reported a NULL pointer dereference in code specific to the
CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial
of Service (DoS).

CVE-2008-0007
Nick Piggin of SuSE discovered a number of issues in subsystems which register
a fault handler for memory mapped areas. This issue can be exploited by local
users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.

CVE-2008-1294
David Peer discovered that users could escape administrator imposed cpu time
limitations (RLIMIT_CPU) by setting a limit of 0.

CVE-2008-1375
Alexander Viro discovered a race condition in the directory notification
subsystem that allows local users to cause a Denial of Service (oops) and
possibly result in an escalation of privileges.

For the stable distribution (etch), this problem has been fixed in version
2.6.18.dfsg.1-18etch3.
The unstable (sid) and testing distributions will be fixed soon.
We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux
packages.

Some of these look to be pretty serious bugs. The two newest do not have
SecurityFocus entries yet, but as far as I’m aware there currently exists no
public exploit code for these, which is a good thing. It’s also important to
note, though this should be obvious, that this doesn’t just affect Debian; it’s
simply that the advisory came from Debian’s folks today… so make sure you’re
fixing your system up, whatever *Nix flavor you like.

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced
Security Center in Chicago. The views and opinions expressed in this article are
his own and do not represent the views and opinions of Ernst & Young Advanced
Security Center or Ernst & Young, LLP. Nathan has performed web application,
deep source code, Internet, Intranet, wireless, dial-up, and social engineering
engagements for numerous clients in the Fortune 500 during his career at Ernst &
Young and has spoken at a number of prestigious conferences, including Black
Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and
XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his
industry affiliations.