
Linux Kernel Vulnerability: Should You Care?

The Linux kernel has contained a local privilege escalation vulnerability since 2001, but we (the good guys) are only now finding out about it. We don’t know whether the bad guys have known about it for a long time. The vulnerability allows local users to become root. Sounds scary, huh?

Maybe it is and maybe it isn’t. Local privilege escalation vulnerabilities aren’t actually all that uncommon. Usually, they come from applications running as root or, on Windows, as SYSTEM. I have actually found a fair number of these myself on Windows. Simply look for a service running as SYSTEM that interacts with the desktop and chances are you can get SYSTEM access in just a few minutes.

That’s not to say this isn’t a serious vulnerability. Any time the operating system itself allows an unauthorized user to gain privileged mode, you should stand up and take notice. It means that the OS isn’t enforcing privilege separation at all and logical access controls are useless. Even SELinux, which is a mandatory access-control system, won’t protect you from this one. Exploit code is available.

But should you drop everything you’re doing and patch? In order to answer that question, you have to put the vulnerability into context. Here are some questions you should be asking yourself:

  • Where is the important data located?
  • Which systems are most exposed?
  • How will downtime affect my operations? Are there financial penalties?
  • Do I have other system-level remotely exploitable vulnerabilities in the environment?
  • Am I even keeping AV signatures up-to-date across the organization?
  • Do I allow unvetted users local access to my Linux servers?
  • Do I run proprietary software dependent on a particular kernel version?

It’s important to note that not allowing users local access doesn’t mean a lesser attack can’t lead to root. If someone is able to compromise your web server and become the apache user, for example, then they might be able to escalate their privileges through this vulnerability.

Context is important. This may be serious, but there may be other problems in your organization which are more serious. Take care of those first. If you’re doing well enough to have the luxury of jumping right on this and fixing it, congratulations.
