Random Hacks: Remote root holes reported as "denial of service" http://www.randomhacks.net/articles/2009/04/30/remote-root-holes-reported-as-denial-of-service en-us 40 Technology and Other Fun Stuff "Remote root holes reported as "denial of service"" by Edward <p>If the Linux kernel team finds a security vulnerability internally, and has not received any public security reports, they will release it as a bugfix release and not a security release. Known or unknown, this is just what they do, and anyone with a sufficient bit of expertise kernel hacking can trawl through the commit log looking for &#8220;suspicious&#8221; commits and then attempts to exploit this. (I know someone who does this for lulz). You should always keep your kernel up-to-date, regardless of what they say.</p> Thu, 30 Apr 2009 15:19:47 +0000 urn:uuid:87a26bf6-e19b-47bb-84b7-280d83acee4d http://www.randomhacks.net/articles/2009/04/30/remote-root-holes-reported-as-denial-of-service#comment-611 Remote root holes reported as &quot;denial of service&quot; <p>Via <a href="http://lwn.net/Articles/330866/">LWN</a>.</p> <p>If you&#8217;re a Linux system administrator, you shouldn&#8217;t put your faith in security advisories. The <a href="http://kernelbof.blogspot.com/2009/04/kernel-memory-corruptions-are-not-just.html">kernelbof</a> blog accuses Linux distributors of being too quick to label security bugs as &#8220;denial of service&#8221; attacks:</p> <blockquote> I&#8217;m wondering why kernel developers (or vendors?) continue to claim that kernel memory corruption are just Denial of Service. Most of the times they _are_ exploitable. </blockquote> <p>As an example, the author quotes <a href="http://www.ubuntu.com/usn/usn-751-1">Ubuntu Security Notice 751</a>:</p> <blockquote>The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, <strong>leading to a denial of service.</strong></blockquote> <p>(Emphasis added.)</p> <p>The author claims, however, to have created an exploit for this bug. He says his exploit allows a remote attacker to gain root access, often on the first attempt. If this is true, it would give him a quick way to gain control over any Linux system which has a process listening to an SCTP socket.</p> <p>Ubuntu&#8217;s security team is not doing system administrators any favors by labeling memory corruption as &#8220;denial of service&#8221; attacks. If you can corrupt memory, there are some terrifyingly clever ways to run code. And marking memory as non-executable won&#8217;t necessarily protect you.</p> <p>If you administer a Linux system, you should probably aim to patch alleged &#8220;denial of service&#8221; bugs as quickly as you can.</p> Thu, 30 Apr 2009 12:57:00 +0000 urn:uuid:c25e2eee-9864-43d8-8b0b-6b0c0a4af6b1 Eric Kidd http://www.randomhacks.net/articles/2009/04/30/remote-root-holes-reported-as-denial-of-service Linux Security http://www.randomhacks.net/articles/trackback/609