Computer security researchers are again warning about a critical vulnerability in the Linux kernel that could be exploited by malicious hackers.
ISEC Security Research said it had found a critical vulnerability in code used to manage virtual memory on Linux systems. The vulnerability affects versions of the Linux kernel up to and including version 2.6 and would give low-level Linux users total control over a Linux system.
The Polish non-commercial security research group discovered the problem in kernel code for a component called "mremap", according to a message posted by group member Paul Starzetz.
Mremap provides functionality for managing virtual memory and is used continuously by programs that have exhausted their allocation of memory, or have been allocated memory in excess of what they need, according to Dave Wreski, chief executive officer of secure Linux supplier Guardian Digital.
Attackers could use the vulnerability to create an invalid virtual memory area (VMA), which could destabilise the Linux operating system or allow a malicious user to run attack code on the system. Attackers would need local user access to the vulnerable machine, but would not need any special privileges on the Linux system to exploit the hole, iSEC said.
Researchers at iSEC said they have developed test code to exploit the mremap vulnerability.
However, taking advantage of the hole will be more difficult for outsiders, who will need to get user access to the machine they want to compromise and then work backwards from the Linux kernel patches to spot the flaw and write code to exploit it, Wreski said.
The warning follows news in December of another critical flaw in version 2.4 of the Linux kernel. Malicious hackers used that vulnerability to attack servers belonging to The Debian Project, which produces the non-commercial Debian Linux distribution.
Wreski admitted that critical Linux kernel vulnerabilities are rare and the disclosure of two such holes within weeks of each other is unprecedented. However, he added that the increase in the number of critical flaws may be the result of more groups scrutinising the security of the Linux source code.
iSEC did a good job of co-ordinating with Linux suppliers, working with them for a month before publishing information on the mremap vulnerability, Wreski said.
Guardian Digital and Red Hat released updated kernel packages yesterday to fix the mremap security hole. iSEC encouraged Linux users to fix vulnerable systems as soon as software patches became available from their supplier.
Paul Roberts writes for IDG News Service