[GNU/Linux] Linux Kernel vulnerability

On Thursday, 08/13/2009, information about a Linux kernel vulnerability allowing privilege escalation was released [1]. Exploiting this vulnerability requires local access.

Affected Systems

Linux kernels of the 2.4 and 2.6 series are affected by this vulnerability.

  • Linux 2.4, versions 2.4.4 up to and including 2.4.37.4
  • Linux 2.6, versions 2.6.0 up to and including 2.6.30.4

The National Vulnerability Database (NVD) of NIST lists the affected kernel versions in detail [2].
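As an added example (not part of the KIT-CERT advisory), the following POSIX shell script tests whether a kernel release string such as the output of `uname -r` falls inside the two version ranges listed above. It only compares version numbers against the ranges; distribution kernels often carry backported fixes without a version change, so a release inside the range means "check the vendor advisory and update", not "vulnerable".

```shell
#!/bin/sh
# Added example, not from the advisory: compare a kernel release against the
# affected ranges for CVE-2009-2692 (2.4.4-2.4.37.4 and 2.6.0-2.6.30.4).

# Compare two dotted version strings numerically; prints -1, 0 or 1.
# Missing components count as 0, so 2.6.30 < 2.6.30.4.
vercmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && { echo -1; return; }
        [ "${x:-0}" -gt "${y:-0}" ] && { echo 1; return; }
    done
    echo 0
}

# Succeeds (exit 0) when the release lies inside an affected range.
# Distribution suffixes like "-24-generic" are stripped before comparing.
kernel_affected() {
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # 2.6.24-24-generic -> 2.6.24
    case $ver in
        2.4.*) lo=2.4.4; hi=2.4.37.4 ;;
        2.6.*) lo=2.6.0; hi=2.6.30.4 ;;
        *)     return 1 ;;                            # other series: not listed
    esac
    [ "$(vercmp "$ver" "$lo")" -ge 0 ] && [ "$(vercmp "$ver" "$hi")" -le 0 ]
}

# Human-readable verdict for the running kernel, or for a release given as $1.
check_kernel() {
    rel=${1:-$(uname -r)}
    if kernel_affected "$rel"; then
        echo "$rel: inside the affected range for CVE-2009-2692; check your vendor advisory and update"
    else
        echo "$rel: outside the listed ranges"
    fi
}
```

Run `check_kernel` with no argument on the machine in question, or pass a release string to test a specific version.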

Countermeasures

If your computer is affected by this vulnerability, you should take countermeasures. For most Linux distributions, an updated kernel will be released and deployed through the update mechanism of the distribution in use. Please note that a reboot of your system is necessary to complete the update, since the running kernel is only replaced at boot.

Users of the "kleine Baumschule" distribution from SCC have already received a hardened kernel; in some cases a manual reboot is necessary.

If you are using a different distribution, the following steps can be used to install the updates as they become available.

Debian

Information from Debian on this vulnerability: [3]. The system can be updated and rebooted with the following command line:

apt-get update && apt-get upgrade && reboot

Ubuntu

Information from Ubuntu on this vulnerability: [4, 6]. The system can be updated and rebooted with the following command line:

apt-get update && apt-get upgrade && reboot

SuSE Linux Enterprise

Information from SuSE on this vulnerability: N/A. The system can be updated and rebooted with the following command line:

zypper up && reboot

RedHat Enterprise Linux

Information from RedHat on this vulnerability: [5]. The system can be updated and rebooted with the following command lines:

RedHat Enterprise Linux 4: up2date && reboot
RedHat Enterprise Linux 5: yum update && reboot

References

[1] http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2692
[3] http://www.debian.org/security/2009/dsa-1864
[4] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/413656
[5] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692
[6] http://www.ubuntu.com/usn/usn-819-1

Note

Security warnings issued by the KIT-CERT are published on this page. These warnings are composed and published for students and members of KIT. Re-publishing on a different site is allowed only if the contents remain unmodified and this disclaimer is attached. Also the following copyright statement must be published with the security warning.

Copyright © 2009 KIT-CERT, Karlsruhe Institute of Technology, http://www.kit.edu/cert

aw, 08/17/2009