Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)

Published: 2010-09-17
Last Updated: 2010-09-17 16:15:38 UTC
by Robert Danford (Version: 1)
1 comment(s)

Several of our readers sent us a heads up about a Linux kernel vulnerability which was previously patched, but has
leaked back into the kernel.
The vulnerability exists in the 32-bit compatibility mode of the kernel and upon execution can result in a local root
compromise.

The Heise security team reportedly obtained a root shell on 64-bit Ubuntu 10.04 using this exploit.

The current workaround involves temporarily disabling the execution of 32-bit applications (See Full-Disclosure and the Redhat article below for details)

Reportedly all current Linux kernels are affected (patch is in the works) as well as backported kernels from vendors like Redhat.

References:
@benhawkes (Deserves the credit for discovering this re-emergence. Not linking as exploit code is provided)
http://xorl.wordpress.com/2009/08/07/cve-2007-4573-linux-kernel-ia32-system-call-emulation-vulnerability/
https://bugzilla.redhat.com/show_bug.cgi?id=634457
https://access.redhat.com/kb/docs/DOC-40265
http://www.heise.de/newsticker/meldung/Luecke-im-Linux-Kernel-ermoeglicht-Root-Rechte-1081195.html (German)
Full-Disclosure

Thanks to Jens Hektor and Dave for bringing this to our attention.

Robert
ISC Handler on Duty

1 comment(s)
Diary Archives