Linux Kernel Vulnerable to Privilege Escalation and DoS Attack
Multiple flaws have been identified in the Linux kernel and related software that could allow attackers to compromise Linux machines, shared hosting, and the websites hosted on them.
PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL
A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attacker to take control of a user's system.
On Thursday, the most popular distributor of the open source Linux OS, Debian, warned about this vulnerability (CVE-2014-3153) in a security update, along with several other vulnerabilities in the Linux kernel that may lead to a denial of service attack.
The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie, which resides in the futex system call of Linux kernel versions 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5. The bug leaves a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges.
"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," reads the advisory. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."
Pinkie Pie is the anonymous teenage ethical hacker who has scooped at least $100,000 for bypassing the security features of Google's Chrome, many of them sandbox exploits, at the Pwnium and Pwn2Own competitions every year since 2012.
RESEARCHER’S ADVICE
Kees Cook, a Google Chrome OS security researcher and Ubuntu contributor, said that the latest flaw found by Pinkie Pie is "urgent to fix."
"Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0," Cook wrote Thursday on Seclists.org. "This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive)."
CHKROOTKIT - ANOTHER CRITICAL FLAW
The vulnerability was highlighted two days after Thomas Stangner reported a serious flaw in chkrootkit (Check Rootkit), a rootkit detector, that allows a local attacker to gain root control by having malicious code placed inside the /tmp directory executed as root.
A common Unix-based program, chkrootkit helps system administrators check their systems for known rootkits. The vulnerability, assigned CVE-2014-0476, resides in the slapper() function of the chkrootkit shell script. A non-root user can place any malicious executable file named 'update' in the /tmp directory, and it will be executed as root whenever chkrootkit scans that directory for rootkits.
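As an added defensive check (not code from the article or from the chkrootkit project), the function below audits the directory chkrootkit scans for a planted file named 'update', reporting its owner and mode and returning a non-zero status when the file is executable; the directory argument and the exit codes are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the article or chkrootkit): audit the directory
# chkrootkit scans for a planted file named 'update', the file the vulnerable
# slapper() routine would execute as root (CVE-2014-0476).
# Exit status: 0 = nothing to flag, 1 = executable 'update' found.
audit_tmp_update() {
  dir="${1:-/tmp}"             # directory to audit; chkrootkit checks /tmp
  f="$dir/update"
  [ -e "$f" ] || return 0      # no file named 'update': nothing to report
  # Owner and mode: GNU stat first, BSD stat as a fallback.
  owner=$(stat -c '%U' "$f" 2>/dev/null || stat -f '%Su' "$f")
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  if [ -x "$f" ]; then
    echo "ALERT: $f is executable (owner=$owner mode=$mode);" \
         "an unpatched chkrootkit would run it as root"
    return 1
  fi
  echo "NOTICE: $f exists (owner=$owner mode=$mode) but is not executable"
  return 0
}
```

Source the script and run `audit_tmp_update /tmp` from a cron job or a configuration-management check; a non-zero exit is the signal to investigate before the next chkrootkit run.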
OTHER VULNERABILITIES IN LINUX KERNEL
Other security issues (CVE-2014-3144 and CVE-2014-3145) have also been discovered in the Linux kernel that could allow any local user to cause a denial of service (DoS) via crafted BPF instructions.
Debian has issued patches for these vulnerabilities and encouraged Linux users to upgrade their packages, noting that the issue has been fixed in the stable distribution, version 3.2.57-3+deb7u2, and will be fixed in the unstable distribution as soon as possible.