Linux: a lot of hullabaloo about a vulnerability

January 28th, 2012 - 05:45 am ET by J. G.

A lot of noise has been made about a security vulnerability affecting the Linux kernel. The flaw has been corrected, and Linux distribution vendors are updating all of their systems after exploits appeared on the web.

Security vulnerabilities affecting the Linux kernel are not widely covered in the media, but security researchers are of course aware of any discoveries. The Secunia database indicates that in 2011 no fewer than forty security alerts were released about flaws in the kernel. The highest score given to these flaws was moderate, rating 3 on a scale of 5.

Currently, a vulnerability in the Linux kernel that affects all versions since 2.6.39 is being widely discussed. The kernel does not correctly restrict access to /proc/<pid>/mem, which a local attacker can exploit to escalate privileges and gain root access.

For Secunia, the danger level of this flaw is relatively low (level 2 out of 5). Users should therefore not be alarmed, especially since Linus Torvalds (creator of the Linux kernel) submitted a corrective patch to the official repository on the 17th of January.

Discovered by Jüri Aedla, this flaw has been present in the kernel code since March 2011. What is surprising is that, after Linus Torvalds issued his update, a proof-of-concept (PoC) exploit was published before distribution vendors had been able to apply the patch. They are now in a hurry to do so. Canonical (Ubuntu) and Red Hat seem to be the most responsive of all distributions.

Numerous exploits have been made public, including mempodipper, along with numerous explanations of how to create a local exploit for Android 4.0 that goes by the name mempodroid.
