Security flaw in Linux kernel gets vendor patches

Computerworld - A security vulnerability in the Linux kernel that could have allowed a hacker to gain control of the operating system on user machines has been patched by the open-source community and Linux vendors.
The flaw, which was found last month by Paul Starzetz, a researcher with the nonprofit group iSEC Security Research in Poland, was in Linux kernel memory management code. The flaw, which was publicly announced on Wednesday, could have allowed an attacker to get into the system as a local user and then gain root, or administrator, privileges on the target system, according to iSEC.
In an e-mail today, Starzetz wrote that the bug affects all kernels from the 2.4 series to 2.4.24, all 2.2 kernels to 2.2.25 and the 2.6 kernel series including 2.6.2. The only kernels that are not vulnerable, he said, are 2.4.25 and 2.6.3.
Patches are being worked on for the 2.2 series kernel, he said. All the odd kernel releases including 2.3 and 2.5 are also vulnerable, but it's unlikely that many people use them because they are development kernels, not release models.
"The bug is very serious," he wrote, if an attacker gains local access to a vulnerable machine. On a scale of 0 to 10, with 0 being no bug at all, the vulnerability would be scored 10, or "the most serious danger we can imagine," he said. "Due to this seriousness we decided to delay the release of the exploit code until the next week (so that people who care about their machines have enough time to update them)."
The problem can only be corrected by upgrading a vulnerable machine to the latest kernel version, Starzetz wrote.
Mark Cox, security response team leader at Linux vendor Red Hat Inc. in Raleigh, N.C., said iSEC researchers quickly notified Linux team leaders and vendors of the problem after they discovered it, giving the open-source community time to create patches and get them posted for users.
"These are issues found by goods guys, reported responsibly and dealt with in the right way," Cox said. "It's just kind of a textbook example of how these things should work out."
No reports of any attack using the vulnerability have been received, Cox said.
Patches have already been posted by major vendors, including Red Hat and SUSE Linux AG.
Last month, iSEC found and reported a similar but unrelated security vulnerability in the Linux kernel memory management code. Patches for that problem were also made available by Red Hat, SUSE and other Linux vendors.
Chris Mason, a software developer at Nuremberg, Germany-based SUSE, said that once the vulnerabilities are patched, the problem is resolved.
"It's the kind of thing that gets found from time to time in the open-source community and we fix them," Mason said.