A serious and reportedly five-year-old bug in the Linux kernel could give attackers the ability to run malicious code or, at the very least, cause crashes on a variety of affected systems.
Some, though not necessarily all, Linux distributions would be vulnerable without installing the patch. What is more unclear – though suggested in some reports – is whether other services deploying the Linux kernel such as Google’s Android or Chrome operating system are affected too.
The bug appears to be a memory corruption vulnerability that could be exploited to execute code. The National Vulnerability Database describes it as follows:
“The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the “LECHO & !OPOST” case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.”
There is a fix for the kernel.
Ubuntu, the most well known of the Linux distros, has already implemented the fix and issued an update. According to the Ubuntu security advisory, the flaw exists in the Linux kernel’s pseudo tty (pty) device. Unprivileged users could potentially exploit the vulnerability in order to cause a denial of service condition, ultimately crashing that system, or even to obtain administrator privileges.
The bug could most severely impact Web hosting firms, Azimuth Security’s Dan Rosenberg told Ars Technica’s Dan Goodin. Rosenberg also told Ars that this is the most serious Linux bug in at least the last year. That same report also claims this bug was first introduced in an update way back in 2009.
A proof-of-concept exploit for the vulnerability can be found here.
RedHat Enterprise Linux 5 and 6’s handlers claim it was never vulnerable to begin with. However, that group admits that the bug does affect Red Hat Enterprise Linux 6.2 AUS, Red Hat Enterprise Linux 6.3 EUS (but not 6.4 or 6.5), and Red Hat Enterprise MRG 2. They are currently working on corrected kernel packages that address the problem. They also note that an exploit for this vulnerability would require shell access and that they are unaware of any in-the-wild attacks targeting it.
The people in charge of the Debian Linux distro are aware of the bug and have issued an update as well.