A second serious vulnerability in the Linux kernel's mremap system call was discovered Wednesday, and enterprises are urged to immediately update to new versions of the kernel or apply patches from their distributor.

The flaw was discovered in the 2.4 version of the kernel; however, new 2.4 and 2.6 kernels were released yesterday to mitigate the problem. Attackers exploiting this problem could gain root system privileges or cause a denial-of-service on a flawed system.

"On a scale from zero to 10 where zero means no danger at all and 10 the most dangerous hole -- all in the case of a local attacker that means a person with local shell access -- this hole can be scored as 10," said Paul Starzetz, a researcher with Polish security firm iSEC Security.

Starzetz also discovered a critical flaw in the same kernel function in January; this week's flaw is unrelated, according to Starzetz. He said the new flaw is a missing check of the return value of do_munmap, a function called by the memory management code inside mremap.

"The first remap bug was a 'boundary condition error' -- that means the mremap code failed to work well if certain unusual arguments were provided," Starzetz said. "The second hole bases on an unchecked function invocation -- that means the code tries to do something but doesn't check if the do_munmap subfunction did its job or not."

Red Hat Inc. and other vendors have issued patches for their distributions.

"Since no special privileges are required to use the mremap system call any process may use its unexpected behavior to disrupt the kernel memory management subsystem," said an alert from iSEC.
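
The unchecked-call pattern Starzetz describes, shown as an added example that is not the kernel's code or iSEC's: a toy region table in C whose unmap step can fail. All names, addresses and the four-slot limit are constructed for illustration. With the result ignored, the move leaves two overlapping regions; with the check, the move is refused.

```c
#include <stdio.h>

#define MAX_REGIONS 4   /* toy stand-in for a per-process limit on mappings */
struct region { unsigned long start, len; int used; };

/* Punch the hole [s,e) out of the region containing it; the tail piece needs
 * a free slot, so a full table makes the call fail. Other cases not modelled. */
static int toy_unmap(struct region *t, unsigned long s, unsigned long e)
{
    for (int i = 0, j = 0; i < MAX_REGIONS; i++) {
        unsigned long rs = t[i].start, re = rs + t[i].len;
        if (!t[i].used || s <= rs || e >= re)
            continue;                   /* [s,e) is not a hole in region i */
        for (j = 0; j < MAX_REGIONS && t[j].used; j++) {}  /* find free slot */
        if (j == MAX_REGIONS)
            return -1;                  /* nothing was unmapped */
        t[j] = (struct region){ e, re - e, 1 };
        t[i].len = s - rs;
    }
    return 0;
}

/* Move region src to dst. check=0 is the flawed pattern (unmap result
 * ignored); check=1 aborts the move when the destination was not cleared. */
static int toy_move(struct region *t, int src, unsigned long dst, int check)
{
    if (toy_unmap(t, dst, dst + t[src].len) != 0 && check)
        return -1;
    t[src].start = dst;                 /* assumes the destination is free */
    return 0;
}

/* Constructed case: full table, move slot 1 into slot 0; returns overlaps. */
static int run_scenario(int check)
{
    struct region t[MAX_REGIONS] = { {0x1000, 0x8000, 1}, {0x10000, 0x1000, 1},
                                     {0x20000, 0x1000, 1}, {0x30000, 0x1000, 1} };
    int n = 0;
    toy_move(t, 1, 0x4000, check);
    for (int i = 0; i < MAX_REGIONS; i++)
        n += i != 1 && t[i].used && t[i].start < t[1].start + t[1].len
             && t[1].start < t[i].start + t[i].len;
    return n;
}

int main(void)
{
    printf("unchecked: %d, checked: %d\n", run_scenario(0), run_scenario(1));
}
```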
Read this full article at techtarget.com