vulnerabilities discovered in Linux kernel that may lead to a DoS or privilege escalation
A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attackers to take the control of users’ system.
On Thursday, the most popular distributor of open source Linux OS, Debian warned about this vulnerability (CVE-2014-3153) in a security update, along with some other vulnerabilities in the Linux kernel that may lead to a denial of service attack.
The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie which resides in the futex subsystem of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions, that could let an attacker with local access permission to gain access in order to perform unauthorized tasks.
[adsense size='1']
"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," reads the advisory. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."
Pinkie Pie is the anonymous teenage ethical and skilled hacker who scooped at least $100,000 for bypassing the security features of Google's Chrome, many of them sandbox exploits, at both Pwnium and Pwn2Own competitions every year since 2012.
Kees Cook, a Google Chrome OS security researcher and Ubuntu contributor said that the latest flaw found by Pinkie Pie is "urgent to fix."
"Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0," Cook wrote Thursday on Seclists.org. "This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive)."
The vulnerability highlighted two days after Thomas Stangner reported a serious flaw in the chkrootkit (Check Rootkit), a rootkit detector, that allows a local attacker to gain root access to gain root control by executing malicious code inside the /tmp directory.
A common Unix-based program, chkrootkit helps system administrators to check their systems for known rootkits. The vulnerability in the chkrootkit, assigned CVE-2014-0476 ID, actually resides in the slapper() function in the shell script chkrootkit package. A non-root user can place any malicious executable file named 'update' in /tmp folder, which will get executed as root whenever chkrootkit will scan this directory for rootkits.
[adsense size='1']
Another security issues (CVE-2014-3144 and CVE-2014-3145) also have been discovered in the Linux kernel that could allow any local user to cause a Denial of Service (DoS) attack via crafted BPF instructions.
Debian has issued the patches for these vulnerabilities and encouraged Linux users to upgrade their Linux packages highlighting that the issue has been fixed in the stable distribution, version 3.2.57-3+deb7u2, and will be fixed in the unstable distribution as soon as possible.
Gloss