Vulnerabilities in Linux Kernel Allow Privilege Escalation and DoS Attack
Multiple flaws uncovered in the Linux kernel and related software could allow attackers to compromise Linux-based machines, shared hosting servers, and the websites hosted on them.
A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow attackers to take control of users' systems or servers.
On Thursday, Debian, the popular Linux distribution, warned about the privilege escalation vulnerability (CVE-2014-3153) alongside a security update. The update also patched a number of other vulnerabilities, including one that could lead to a denial of service attack.
The most critical vulnerability, CVE-2014-3153, was discovered by the hacker Pinkie Pie. It resides in the “futex subsystem call of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions, leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges,” researchers reported.
The official Debian security update read:
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Pinkie Pie is the anonymous teenage hacker who has won over $100,000 for bypassing security features in Google Chrome at both the Pwnium and Pwn2Own competitions. Pinkie Pie has been identifying vulnerabilities at competitions since 2012.
Google Chrome OS security researcher and Ubuntu contributor Kees Cook has noted that the latest vulnerability uncovered by Pinkie Pie is “urgent to fix.”
“Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” Cook wrote Thursday on Seclists.org. “This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive).”
Another critical vulnerability was spotted in the chkrootkit command used on Linux systems. Chkrootkit stands for “check rootkit” and is a rootkit detector; this vulnerability allows a local attacker to gain root privileges by planting malicious code in the /tmp directory.
The chkrootkit program is commonly used by system administrators to check systems for known rootkits. The vulnerability discovered in chkrootkit (CVE-2014-0476) was reported to reside in the slapper() function of the shell script in the chkrootkit package. An attacker without root access can place a malicious executable file named ‘update’ in the /tmp folder, which will be executed as root whenever chkrootkit scans the /tmp directory for rootkits.
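The root cause described above is a classic shell quoting pitfall; the following is an added illustration written for this article, not chkrootkit's own code, and since the page does not quote the actual line in slapper(), the unquoted-assignment pattern shown here is an assumption about the bug class. It plants a harmless marker script in a private temp directory (never /tmp/update), runs the unsafe pattern beside the quoted fix, and reports whether the planted file was executed.

```sh
#!/bin/sh
# Illustration of why `file_port=$file_port $candidate` is dangerous: when $file_port is
# empty, the shell parses the line as "run the command $candidate with file_port set in
# its environment", not as a string append. If $candidate is an attacker-controlled path
# and the script runs as root, that file runs as root. Quoting makes it an assignment.

scan_unsafe() {                   # $1: path the "scanner" checks for a rootkit file
    candidate=$1
    file_port=""
    if [ -f "$candidate" ]; then
        file_port=$file_port $candidate    # BUG: executes $candidate when $file_port is empty
    fi
}

scan_safe() {
    candidate=$1
    file_port=""
    if [ -f "$candidate" ]; then
        file_port="$file_port $candidate"  # FIX: quoted, so this is only a string assignment
    fi
}

# Constructed fixture: a script named "update" that only touches a marker file.
make_fixture() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\ntouch "%s/marker"\n' "$dir" > "$dir/update"
    chmod 755 "$dir/update"
    printf '%s\n' "$dir"
}

# probe unsafe|safe -> prints "executed" if the planted file ran, else "not-executed".
probe() {
    dir=$(make_fixture)
    if [ "$1" = unsafe ]; then
        scan_unsafe "$dir/update"
    else
        scan_safe "$dir/update"
    fi
    if [ -e "$dir/marker" ]; then echo executed; else echo not-executed; fi
    rm -rf "$dir"
}

probe unsafe   # executed
probe safe     # not-executed
```

Linters such as shellcheck flag this pattern, which makes it a cheap check to add to review of any shell script that runs with elevated privileges.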
Other vulnerabilities dug up by researchers include CVE-2014-3144 and CVE-2014-3145, which could allow any local user to cause a denial of service (DoS) attack, crashing the system via “crafted BPF instructions.”
Debian has issued patches for the vulnerabilities and urges all users to upgrade their Linux packages, noting that the issues have been fixed in the latest Debian distribution, version 3.2.57-3+deb7u2, and will be fixed in the unstable distribution as soon as possible.