Ancient Kernel Hole in Linux fixed after Two Months of reporting
By Chinmoy Kanjilal on August 30th, 2010

An ancient kernel hole in Linux, present since 2003, was recently closed after constant nagging and bug reports. The problem was that the X server uses a huge stack, which has a good chance of running into adjacent heap memory.

The same vulnerability had been cited earlier and was brought to the notice of the Linux security team a number of times, but they turned a deaf ear to it each time. Only recently have they taken it seriously, and Torvalds has finally fixed the bug. However, the bugfix itself requires a further fix, and the complete change will appear in the next stable update of the Linux kernel. For those running a development version, it is available for download here.

Torvalds has implemented a guard between the stack and the heap so that the stack cannot overrun the heap memory in any case. However, people everywhere are frowning upon the two months it took to fix this problem after the first citation and the first formal report. Linux has been held in high esteem for its security, and this matter has already earned Linux a bad name.

Keith Packard, an X.org hacker, was also working on a fix for this, but his code was rejected by Torvalds as it violated some internal VM rules. The vulnerability was of an extremely serious nature. As Rutkowska puts it,

While it isn’t a direct remote exploit, it only takes one vulnerable X client (web browser, PDF viewer, etc.) to turn it into something that is remotely exploitable.

(Source)
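
The guard between the stack and the heap described above can be checked from user space by measuring the unmapped gap directly below a process's stack mapping. The following is an added example, not code from this article or from the kernel fix. It assumes the Linux /proc/<pid>/maps text format, a downward-growing stack and 4 KiB pages; the sample mappings are constructed and the function names are illustrative.

```python
import re

PAGE_SIZE = 4096  # assumption: 4 KiB pages

# Constructed /proc/<pid>/maps excerpts (not captured from a real system).
# ADJACENT: an anonymous writable mapping ends exactly where [stack] begins.
ADJACENT = """\
08048000-081f2000 r-xp 00000000 08:01 1311 /usr/bin/Xorg
09a1c000-09c40000 rw-p 00000000 00:00 0 [heap]
bf7ff000-bf820000 rw-p 00000000 00:00 0
bf820000-bf841000 rw-p 00000000 00:00 0 [stack]
"""
# GUARDED: same layout, but one unmapped page separates the two regions.
GUARDED = ADJACENT.replace("bf7ff000-bf820000", "bf7fe000-bf81f000")

LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

def parse_maps(text):
    """Return (start, end, perms, name) tuples sorted by start address."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            regions.append((int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return sorted(regions)

def stack_gap(text):
    """Unmapped bytes directly below [stack], plus the mapping below it.

    Returns (None, None) if there is no [stack] entry or nothing below it.
    """
    regions = parse_maps(text)
    for i, (start, _end, _perms, name) in enumerate(regions):
        if name == "[stack]" and i > 0:
            below = regions[i - 1]
            return start - below[1], below
    return None, None

def audit(text, min_gap=PAGE_SIZE):
    """Flag a writable mapping that sits closer than min_gap below the stack."""
    gap, below = stack_gap(text)
    if gap is None:
        return "no-stack-entry"
    if gap < min_gap and "w" in below[2]:
        return "ADJACENT: %s ends %d bytes below stack" % (below[3] or "anon", gap)
    return "ok: %d-byte gap" % gap

if __name__ == "__main__":
    print(audit(ADJACENT))
    print(audit(GUARDED))
```

On a live system the same functions can be fed the contents of /proc/<pid>/maps for the process being audited.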

Author: Chinmoy Kanjilal