Local Root Exploit in Udev
The udev subsystem allows the Linux kernel, together with a userland program, to manage device nodes dynamically, adding and removing them at will. It has now been revealed that the communication channel between the kernel and program fails to authenticate, so that users can assume root privileges.
The udev subsystem and the udevd daemon communicate in userspace over the netlink interface. Sending KOBJECT_UEVENT messages unfortunately doesn't verify who sent them. The result is that normal users can assume read privileges for a random device. If the device has a major and minor number of the root block device, invasive code can be applied to alter the system. A root exploit could then be quite simple for an attacker.
The root exploit was discovered by Sebastian Krahmer of the SUSE Security Team, which had become apprised of the CVE-2009-1185 spoofing exposure. The udev “trickery" exploit also points to another vulnerability in the CVE-2009-1186 stack buffer overflow exposure. Unfortunately, MITRE has not released further details on these vulnerabilities. All larger Linux distros have openly declared to be affected by them, so the distros are now providing updated packages.
Issue 192/2016
Buy this issue as a PDF
News
-
Nextcloud Announces Raspberry Pi-Powered Home Cloud Box
Innovative system adds a hard drive and Ubuntu Core to the RPi for an IoT hub.
-
Linus Torvalds Confirms the Date of the First Linux Release
Linux is two weeks younger than we thought!
-
End of OpenOffice?
The Apache Software Foundation considers retiring OpenOffice
-
Adobe Gives New Life to NPAPI Plugin for Linux
Adobe won’t kill the plugin in 2017
-
LinuxCon North America Convenes in Toronto, Canada
Linux Foundation's big event celebrates the 25th anniversary of Linux
-
Linux Turns 25
Linux has evolved from “won’t be a professional” project to one of the most professional software projects in the history of computers.
-
Mirantis Joins Hands with SUSE To Offer RHEL Support; Red Hat Not Happy
Competitors get in the game with RHEL without Red Hat
-
Linux on Windows 10 Poses a Security Risk
Security researchers have already notified Microsoft; some fixes are available
-
Mirantis to Refactor OpenStack Fuel for Kubernetes
The company is collaborating with Google and Intel to use Kubernetes as an engine for Fuel
-
Canonical Joins Document Foundation Advisory Board
The upcoming release of LibreOffice will be available as a snap package