[security-announce] New Linux kernel privilege escalation - heads up notice
Hi, A bug in the Linux kernels "pipe" system call implementation was found which can be used by local attackers to gain root privileges. CVE-2009-3547 http://www.openwall.com/lists/oss-security/2009/11/03/1 This problem affects all our currently maintained Linux products. - SUSE Linux Enterprise Server 9 / Open Enterprise Server 1 Are affected. Updates are being prepared and will be released next week. There is unfortunately no workaround possible. - SUSE Linux Enterprise Server / Desktop 10 SP2, Open Enterprise Server 2 SP1 Are affected. Updates are being QA'ed and will be released begin of next week. There is unfortunately no workaround possible. - SUSE Linux Enterprise Server / Desktop 10 SP3 Are affected. Updates are being QA'ed and will be released begin of next week. A workaround is possible by enabling the MMAP null page exploitprotection by enabling the "mmap_min_addr" protection in this kernel, by doing (as root): echo -n 65536 > /proc/sys/vm/mmap_min_addr To keep this persistent over the next boot, you can also add it to /etc/sysctl.conf: vm.mmap_min_addr = 65536 (We did not enable this by default to avoid breaking legacy software.) - SUSE Linux Enterprise Server / Desktop 11 openSUSE 11.0 openSUSE 11.1 Are affected by this problem, but the exploit can not be used to execute code, just to cause a crash / "Oops". The kernel is using the MMAP null page exploit protection by default and so the exploit is not effective (will just lead to a Ooops). You can verify the protection to be enabled by doing: cat /proc/sys/vm/mmap_min_addr A value larger than 0 means "enabled". Updates that fix this issue will be published, but not in the same hurry as for the older product lines. The several days delay in getting Kernel updates out is due to kernel QA taking around 4 days, as they include numbers of regressions, burn-in and partner tests and careful evaluation of the generated results. Ciao, Marcus
participants (1)
-
Marcus Meissner