New Linux Flaw Enables Null Pointer Exploits

Jamon Camisso jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Sat Jul 18 16:04:15 UTC 2009


Michael Lauzon wrote:
> From the article:
> 
> A researcher has published exploit code for a new vulnerability he
> discovered in the Linux kernel. The vulnerability is an especially
> interesting one in that the researcher who discovered it, Brad
> Spengler, has demonstrated that he can use the weakness to defeat many
> of the add-on security protections offered by SELinux and AppArmor.
> 
> The vulnerability affects both the 2.6.30 and 2.6.30.1 releases of the
> Linux kernel, and in a message to the Daily Dave mailing list Spengler
> said that he was able to exploit the flaw. He said that he was able to
> defeat the protection against exploiting NULL pointer dereferences on
> systems running SELinux and those running typical Linux
> implementations. SELinux is a set of security enhancements to the
> Linux OS developed by the National Security Agency.
> 
> Link: http://threatpost.com/blogs/researcher-uses-new-linux-kernel-flaw-bypass-selinux-other-protections

It is an interesting bug because it is a compiler-related optimization 
that creates the conditions necessary to exploit it.
http://isc.sans.org/diary.html?storyid=6820

I doubt many people are running 2.6.30/2.6.30.1, and even fewer with 
SELinux/AppArmor etc. Pretty niche, but a great discovery on the 
researcher's part.

Jamon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




