Questions are being raised in the Linux community about how a bug in the kernel was allowed to exist for seven years after a fix was first mooted.
The flaw, found by Rafal Wojtczuk, is a problem in the memory management area of Linux which allows attackers to execute code at root level. It is caused by overlaps between the memory areas of the stack and shared memory segments.
Insecurity expert Joanna Rutkowska says that the vulnerability has been present in the kernel for years, since version 2.6, which was released in December 2003.
While in security terms the existence of the flaw fits into the “s*** happens” category, the question remains why the hole was never patched until now, particularly as SuSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004.
Open sauce security depends not only on users finding holes and patching them, but on the hierarchies that watch over the release of updates actually adopting those patches. For some reason someone dropped the ball on this, and as yet no one has put their hand up to admit it.
SuSE had the fix, and SuSE Linux Enterprise 9, 10 and 11 and openSuSE 11.1 through 11.3 do not have the problem.
The fix for the flaw is to use a guaranteed minimum of one memory page between the stack and other memory areas.
Ironically, a guard page of this kind has already been set up in kernel versions 22.214.171.124, 126.96.36.199 and 188.8.131.52, but without the problem being pointed out, and it may not even be related. Another update is being prepared for inclusion in 184.108.40.206.
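The one-page guard described above can be checked from user space by reading a process's /proc/<pid>/maps. The following is an added example, not code from the article or the kernel patch: it parses maps text, finds the [stack] region and reports how many pages separate it from the nearest mapping below. It assumes 4 KiB pages and the standard maps line layout; the sample maps are constructed, not captured from a real system.

```c
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE 4096UL  /* assumption: 4 KiB pages, as on x86 Linux */
/* Copy the next line of text into buf (without the newline); returns 0 at end. */
static int next_line(const char **cursor, char *buf, size_t buflen)
{
    const char *p = *cursor, *nl;
    size_t len;
    if (p == NULL || *p == '\0') return 0;
    nl = strchr(p, '\n');
    len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= buflen) len = buflen - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    *cursor = nl ? nl + 1 : p + strlen(p);
    return 1;
}
/* Gap, in pages, between the stack's lowest address and the end of the
 * nearest mapping beneath it. Returns -1 when no [stack] line is present. */
long stack_gap_pages(const char *maps_text)
{
    char buf[512];
    const char *cur;
    unsigned long start, end, stack_start = 0, best_end = 0;
    int have_stack = 0;
    /* Pass 1: locate the [stack] region. */
    for (cur = maps_text; next_line(&cur, buf, sizeof buf); )
        if (sscanf(buf, "%lx-%lx", &start, &end) == 2 && strstr(buf, "[stack]")) {
            stack_start = start; have_stack = 1; break;
        }
    if (!have_stack) return -1;
    /* Pass 2: highest end address of any mapping that lies below the stack. */
    for (cur = maps_text; next_line(&cur, buf, sizeof buf); )
        if (sscanf(buf, "%lx-%lx", &start, &end) == 2 && end <= stack_start && end > best_end)
            best_end = end;
    return (long)((stack_start - best_end) / PAGE_SIZE);
}
/* Constructed sample maps (not captured from a real system). In the first,
 * a SysV shared memory segment (rw-s) ends exactly where the stack begins. */
const char MAPS_NO_GAP[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/demo\n"
    "7f0000000000-7f0000001000 rw-s 00000000 00:05 99 /SYSV00000001 (deleted)\n"
    "7f0000001000-7f0000022000 rw-p 00000000 00:00 0 [stack]\n";

const char MAPS_ONE_PAGE_GAP[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/demo\n"
    "7efffffff000-7f0000000000 rw-s 00000000 00:05 99 /SYSV00000001 (deleted)\n"
    "7f0000001000-7f0000022000 rw-p 00000000 00:00 0 [stack]\n";
```

Fed the contents of a real /proc/<pid>/maps, a result of 0 means a mapping sits directly beneath the stack with no guard between them.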
It is a moot point how dangerous the problem is. The vulnerability seems to affect older systems rather than new ones, and it requires that an X server is running on the system.
If you wanted to take over a Linux box you would first have to exploit another hole to inject code and execute it on the system; the attacker would then use this flaw to gain root privileges.
However, kernel developer Greg Kroah-Hartman warned that all users must upgrade just to be sure.