Linux Kernel Random Number Generator flaw

franzon   on 24 November 2007 - 03:24 · 5 comments & 6412 views

According to security researchers, the Linux kernel is prone to a local vulnerability that may result in a DoS or privilege escalation, possibly allowing attackers to run arbitrary code on the target system. This issue stems from a stack-based overflow in kernel memory; if successfully exploited, it allows local attackers to trigger kernel crashes and, in certain circumstances, to gain elevated privileges. However, the attacker may require partial administrative access via granular assignments of superuser privileges. Linux kernel versions prior to 2.6.22.3 are affected by this issue.

News Source: securityfocus.com

(3 replies) #1 RAID 0 on 24 Nov 2007 - 09:01
BUM BUM BUMMMMMM!

Is Apple next?
#1.1 mrmckeb on 24 Nov 2007 - 10:15
You won't hear about it if they are lol.
#1.2 Foub on 24 Nov 2007 - 10:21
Quote - (mrmckeb said @ #1.1)
You won't hear about it if they are lol.


More likely they'll claim that it's a feature...
#1.3 vetmarkjensen on 24 Nov 2007 - 20:23
Quote - (RAID 0 said @ #1)
BUM BUM BUMMMMMM!

Is Apple next?
There are a few differences between this and the earlier article (I believe it was this one that you are referencing) about not-quite-random-enough numbers in the earlier news article. The previous one was an analysis across a broad range of Operating Systems (including Apple, like you mentioned), but was relevant for spoofing TCP, and is remotely exploitable.

This is something identified and fixed in Linux that is local-only, and would require a previous root user to take specific action before it would even be locally exploitable.
Quote -
random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.
So, other than the word "random" in the title, there is little in common between these items.
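
Added example, not part of the original comments and not the kernel's code: a minimal C model of how the ordering of two bound checks decides whether a root-adjustable threshold can push a transfer length past a fixed stack buffer, as the quoted changelog describes. The buffer size, function names and threshold values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed size for illustration; not taken from the kernel source. */
#define TMP_BYTES 128  /* hypothetical on-stack transfer buffer */

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }
static size_t max_sz(size_t a, size_t b) { return a > b ? a : b; }

/* Wrong order: cap the request first, then raise it to the threshold.
 * A threshold larger than TMP_BYTES passes through uncapped. */
size_t xfer_len_unsafe(size_t nbytes, size_t thresh_bytes)
{
    return max_sz(thresh_bytes, min_sz(nbytes, TMP_BYTES));
}

/* Right order: raise to the threshold first, cap last. */
size_t xfer_len_safe(size_t nbytes, size_t thresh_bytes)
{
    return min_sz(max_sz(nbytes, thresh_bytes), TMP_BYTES);
}

/* Stand-in for the pool transfer: refuses any length that would
 * overrun the stack buffer. Returns bytes written, or -1. */
long transfer(size_t len)
{
    unsigned char tmp[TMP_BYTES];
    if (len > sizeof(tmp))
        return -1;
    memset(tmp, 0xA5, len);
    return (long)len;
}

int main(void)
{
    size_t thresholds[] = { 8, 64, 512 };  /* constructed tunable values */
    for (size_t i = 0; i < 3; i++) {
        size_t u = xfer_len_unsafe(16, thresholds[i]);
        size_t s = xfer_len_safe(16, thresholds[i]);
        printf("thresh=%zu unsafe=%zu (%ld) safe=%zu (%ld)\n",
               thresholds[i], u, transfer(u), s, transfer(s));
    }
    return 0;
}
```

With the cap applied last, the computed length stays within the buffer for every threshold value, so the tunable no longer needs to be trusted.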
#2 Primetime2006 on 24 Nov 2007 - 14:18
Damn the RNG! It's been waiting all this time to strike down on its enemies, haha.
