www.LinuxHowtos.org

Not long ago, some people discovered a severe security flaw in the way older Linux kernels handle core dumps.

Vulnerable Systems:

The kernel does not check write permissions when writing a core file.
If an attacker can change into a directory where he/she does not have write permission and make a specially crafted file produce a core file there, the attacker might gain root access.

A known exploit uses /etc/cron.* to get a cron job executed by root. Other attacks might be possible, too.

Against the exploit above, a chmod 750 /etc/cron.* or a chattr +i /etc/cron.d might prevent this attack.

Your options are to upgrade to the newest kernel as soon as possible, or to change the core file name scheme to an absolute path where normal users don't have read/write/execute permission and where no program does anything with the files in that directory.
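
One way to check the second option, as an added example that is not part of the original article: the function below classifies a core file name scheme and, for an absolute path, verifies that its directory is closed to normal users. It assumes the scheme is the kernel.core_pattern sysctl and that GNU stat is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a core file name scheme (the kernel.core_pattern sysctl).
# Usage: audit_core_pattern PATTERN [OWNER_UID]
# Returns 0 if dumps cannot land in a directory chosen by the user, 1 otherwise.
audit_core_pattern() {
    pattern=$1
    want_uid=${2:-0}          # assumption: the dump directory should belong to root
    case $pattern in
        '|'*)
            echo "OK: piped to a helper program, the kernel writes no file itself"
            return 0 ;;
        /*) ;;                # absolute path: inspect its directory below
        *)
            echo "FAIL: relative pattern '$pattern', core goes to the current directory"
            return 1 ;;
    esac
    dir=$(dirname "$pattern")
    if [ ! -d "$dir" ]; then
        echo "FAIL: dump directory $dir does not exist"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")     # GNU stat: octal permission bits
    owner=$(stat -c '%u' "$dir")    # GNU stat: numeric owner
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $owner, expected $want_uid"
        return 1
    fi
    case $mode in
        0|*00) ;;             # no group/other bits set (for example 700)
        *)
            echo "FAIL: $dir has mode $mode, group/other can access it"
            return 1 ;;
    esac
    echo "OK: cores go to $dir (mode $mode, uid $owner)"
    return 0
}

# Check the setting of the running kernel.
audit_running_kernel() {
    audit_core_pattern "$(cat /proc/sys/kernel/core_pattern)"
}
```

Call audit_running_kernel on the machine you want to check; a relative pattern such as the plain name core is reported as a failure because the dump then lands in whatever directory the process is in.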

This vulnerability is critical; don't delay fixing it!
