Thread: The High-Profile X.Org / Linux Kernel Security Bug

  1. #1
    Join Date
    Jan 2007
    Posts
    14,782

    The High-Profile X.Org / Linux Kernel Security Bug

    Phoronix: The High-Profile X.Org / Linux Kernel Security Bug

    As many learned today, there's been a rather critical bug living within the Linux kernel for several years (as possibly far back as the original Linux 2.6 kernel release) that was finally fixed and this "high priority" bug is now publicly detailed. This issue (CVE-2010-2240), which allows arbitrary code to be executed as root, is easily exploitable by most current Linux desktops via simply running any compromised GUI application that has access to the running X.Org Server...

    http://www.phoronix.com/vr.php?view=ODUyMA

  2. #2
    Join Date
    Aug 2007
    Posts
    437

    I'm speechless... All the time we joke about Windows security...

    Question: Will I get a backported 2.6.34/2.6.35 kernel for Lucid? Don't want to reinstall OS in a year.

  3. #3
    Join Date
    Jul 2008
    Location
    Greece
    Posts
    3,790

    Yeah, well. As someone who uses Windows (7 and previously XP), Linux still seems a hell of a lot better. Every month when doing a Windows Update, there's a whole bunch of security fixes that read "this patch prevents others from taking total control over your computer", at which point I always have to grin. And since MS cannot touch the Windows kernel (it would break a hell of a lot of rootki..., er, security software), they plug every hole with kludges in userspace.

    So we can still joke about Windows security as much as we want, no questions asked.

  4. #4
    Join Date
    Apr 2008
    Location
    /dev/random
    Posts
    218

    This requires a running X server, so servers which don't run X (no server should run X) won't be attackable by this.

  5. #5
    Join Date
    Nov 2008
    Posts
    767

    The bug isn't limited to X, it isn't even related to X. It's a kernel bug.

    It's unwise to assume that a computer is safe just because it doesn't use X.

    The example-exploit just uses X for two reasons:
    a) X listens to clients, it can be made to allocate memory and it can be made to give you access to shared memory. These are requirements to hit the bug.
    b) it runs as root, allowing the whole "gain root" part.


    You may find other applications that listen to clients and use shared memory, thus possibly hitting the bug. You may gain access to a different user (even if it isn't root), or you may simply crash an important task for fun.
    It's a good thing that most server programs enforce reasonable memory limits against DDoS attacks, thus protecting against this bug.
    Another limitation is the shared memory part: you have to execute code on the machine to exploit it.

    I'd still consider my server safe, but that's mostly because nobody but me may login. If others had ssh access, I'd now be running around panicking, even though there's no X installed.
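
The two conditions post #5 names (a process running as root, and whether a memory limit is enforced on it) can be audited from `/proc`. This is an added example, not part of the original thread; it assumes `Max address space` (RLIMIT_AS) is the limit of interest, and the sample data is constructed.

```python
import os
import re

# Constructed sample of /proc/<pid>/status and /proc/<pid>/limits (not from a real host).
SAMPLE_STATUS = """Name:\tXorg
State:\tS (sleeping)
Pid:\t1234
Uid:\t1000\t0\t0\t0
"""
SAMPLE_LIMITS = """Limit                     Soft Limit           Hard Limit           Units
Max stack size            8388608              unlimited            bytes
Max address space         unlimited            unlimited            bytes
"""

def parse_status(text):
    """Return (name, effective_uid) from /proc/<pid>/status content."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    # Uid line order: real, effective, saved, filesystem
    return fields["Name"].strip(), int(fields["Uid"].split()[1])

def parse_soft_limit(text, limit_name):
    """Return the soft limit as int, or None when it is 'unlimited' or absent."""
    m = re.search(r"^%s\s+(\S+)\s+(\S+)" % re.escape(limit_name), text, re.M)
    if not m or m.group(1) == "unlimited":
        return None
    return int(m.group(1))

def assess(status_text, limits_text):
    """Flag a process that has effective UID 0 and no address-space limit."""
    name, euid = parse_status(status_text)
    as_limit = parse_soft_limit(limits_text, "Max address space")
    return {"name": name, "root": euid == 0, "as_limit": as_limit,
            "flag": euid == 0 and as_limit is None}

def scan_proc(proc="/proc"):
    """Assess every readable process on a live Linux host."""
    results = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/status") as s, open(f"{proc}/{pid}/limits") as lim:
                results.append((int(pid), assess(s.read(), lim.read())))
        except OSError:
            continue  # process exited or is not readable by this user
    return results

if __name__ == "__main__":
    print(assess(SAMPLE_STATUS, SAMPLE_LIMITS))
    for pid, r in scan_proc():
        if r["flag"]:
            print(pid, r["name"])
```

The constructed sample models a setuid-root X server: real UID 1000, effective UID 0, which is why the check reads the second `Uid` field.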

  6. #6
    Join Date
    Mar 2009
    Location
    Hellas
    Posts
    1,045

    Quote: Originally Posted by FunkyRider
        I'm speechless... All the time we joke about Windows security...

    Huh? Every OS has bugs and vulnerabilities. The matter is how fast they are fixed after their discovery...

  7. #7
    Join Date
    Oct 2007
    Location
    Dresden
    Posts
    53

  8. #8
    Join Date
    Oct 2007
    Posts
    12

    The security patch mentioned is broken in the 2.6.35.2, 2.6.34.4, 2.6.32.19 kernels. Please refer to kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=16588. So you risk a computer that won't boot if you do install. The next stable cycle will have the fix.

  9. #9
    Join Date
    Jul 2009
    Posts
    416

    In case of a local attacker that can use MIT-SHM extension (which is the most likely scenario)
    Oh no, not a local exploit. I'm quaking in my boots.
    I sure hope my neighbor doesn't crack my wifi and exploit my Linux machines with local vulnerabilities.

  10. #10
    Join Date
    May 2008
    Location
    Germany/NRW
    Posts
    510

    Quote: Originally Posted by .CME.
    Uhm, Michael explicitly mentions that it's possible to run X as non-root with the proprietary nvidia-driver.
