A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.The vulnerability was first reported by Spengler, a developer at grsecurity, a maker of applications that enhance the security of Linux. On October 22, he wrote a proof of concept attack for the local root exploit. Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel."It's interesting to me that I picked it out two weeks before the people whose job it is to find this sort of stuff," he said Tuesday. "They've got entire teams of people and I'm just one person doing this in my free time."
As root type "sysctl vm.mmap_min_addr". If the result is 4096, the problem has been dealt with. If it is 0, read the man page for "sysctl.conf".WINE is for running Windows programs on a Linux box, but it has limitations. Last time I read about it, WINE was unable to install or run Windows malware correctly.Closed source drivers can cause some hassle (none in this case). If some kit provides so much benefit for you that it is worth the hassle, ask the supplier to provide a minimal open source wrapper around a binary blob like nVidia have for years.
Just tested the "sysctl vm.mmap_min_addr" command on my Linux Mint box (not as root mind you - I'm no hacker so didnt want to risk a reg forums comment to root!)Anyway, ot the response "vm.mmap_min_addr = 65536", not 4096.So I guess it's fine and that therfore presumably ubuntu 9.04 (on which Mint 7 is based) is also ok.Looks like this is a lot of fuss about nothing.Good to see the attention Linux is getting though!
