Security Group Warns of Linux Flaw

Computer security researchers are again warning about a critical vulnerability in the Linux kernel that could be used by malicious hackers to take control of systems using the popular open source operating system. ISEC Security Research said Monday that it found a critical vulnerability in code that is used to manage virtual memory on Linux systems. The vulnerability affects versions of the Linux kernel up to and including version 2.6 and would give low-level Linux users total control over a Linux system.

ISEC, a noncommercial security research group based in Poland, discovered the problem in kernel code for a component called "mremap," according to a message posted by Paul Starzetz, an ISEC member. The kernel is the core of the Linux operating system and provides basic services for all other parts of the operating system such as allocating processor time for the programs running on the computer and managing the system's memory or storage.

Mremap provides functionality for managing virtual memory and is used continuously by programs that have exhausted their allocation of memory, or that have been allocated memory in excess of what they need, according to Dave Wreski, chief executive officer of secure Linux vendor Guardian Digital. Attackers could use the vulnerability to create an invalid virtual memory area, which could destabilize the Linux operating system or allow a malicious user to run attack code on the system. Attackers would need local user access to the vulnerable machine, but would not need any special privileges on the Linux system to exploit the hole, ISEC said. Researchers at ISEC said they have developed test code to exploit the mremap vulnerability.

View: The full story

News source: PCWorld

Previous Story
RIAA crackdown shows signs of success
Next Story
Open-source databases gaining favor