The Linux Kernel Bug, Vulnerability that went for Eight years Un-Noticed, Un-Fixed

Sometimes, we overlook a critical aspect which could mean that our efforts of decade can be blasted within seconds. Such is a bug found in Linux 2.4 Kernel.

According to security researchers, a bug in the Linux kernel has just been uncovered that makes just about every distribution utilizing kernel 2.4 and 2.6 on just about all architectures since May of 2001 vulnerable to a certain kind of attack.

You can imagine. Out of Today’s Linux systems, 95% use >2.4 <=2.6, so almst every Linux kernel is Vulnerable to this attack.

The bug allows an attacker to escalate local privileges and completely compromise the entire system. Julien Tinnes, a security researcher who does know his way around kernel code, wrote the following details about the bug.

At first sight, the code in af_ipx.c looks correct and seems to initialize .sendpage properly. However, due to a bug in the SOCKOPS_WRAP macro, sock_sendpage will not be initialized. This code is very fragile and there are many other protocols where proto_ops are not correctly initialized at all (vulnerable even without the bug in SOCKOPS_WRAP)… Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.

Rodney Taylor, from security research at Secorix, said that the bug “passes my it’s-not-crying-wolf test so far,” and that he’d definitely check his enterprise Linux systems (providing he had any), see if it was related, and see if he needed to get a patch.

The damage is done, fair enough but luckily, there already is a patch, and it should be implemented into all future kernels from here on out.

A Safer world again.