Cause of Debian Server Compromise Found

The cause of the recent compromise of four of Debian’s servers has been identified as a then-unknown local root vulnerability in the Linux kernel, fixed in the recently released 2.4.23. A lack of bounds checking in the kernel’s do_brk() function allowed a malicious program to gain access to kernel memory and thereby elevate itself to root. When the bug was fixed (back in September), its security implications weren’t known.

Naturally, a local root exploit doesn’t allow an outsider to gain root unless he first compromises an ordinary user’s account. This appears to have been accomplished by sniffing one Debian developer’s password as it passed unencrypted over a local network. Once the attacker had logged in as this developer, he was able to use the aforementioned exploit to gain root on four of Debian’s servers.

The fix for the local root exploit is an innocent-looking two-line addition to the do_brk() function. Since I’m running 2.4.22-ck2 (2.4.22 plus the nifty Con Kolivas patch set), I’ve applied this patch and recompiled the kernel. Sorry, Amy, but now you can’t gain root on my machine using this exploit anymore. <g>
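As an added illustration (not code from the post or from the kernel), here is a user-space model of the kind of bounds check that fix adds to do_brk(): a request to extend the heap must end inside the user address range, and the sum addr + len must not wrap around. The page size, TASK_SIZE value, heap address and function names are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative constants (assumptions, not values from the post): the page
 * size and the top of the user address range on 32-bit x86 Linux 2.4. */
#define PAGE_SIZE_DEMO 4096UL
#define TASK_SIZE_DEMO 0xC0000000UL

typedef unsigned long vaddr_t;

/* Round a length up to a page boundary, as the kernel's PAGE_ALIGN() does. */
static vaddr_t page_align(vaddr_t len)
{
    return (len + PAGE_SIZE_DEMO - 1) & ~(PAGE_SIZE_DEMO - 1);
}

/* Model of the bounds check: the request [addr, addr+len) must end at or
 * below TASK_SIZE, and addr + len must not wrap past the top of the address
 * space. A wrapped sum looks small and would pass the first test alone. */
bool brk_request_ok(vaddr_t addr, vaddr_t len)
{
    vaddr_t end;
    len = page_align(len);
    if (len == 0)
        return true;                 /* nothing to extend */
    end = addr + len;
    if (end > TASK_SIZE_DEMO || end < addr)
        return false;                /* the kernel returns -EINVAL here */
    return true;
}

/* Same check with only the upper-bound comparison, kept to show which
 * request slips through when the wrap-around test is missing. */
bool brk_request_ok_no_wrap_check(vaddr_t addr, vaddr_t len)
{
    len = page_align(len);
    return len == 0 || (addr + len) <= TASK_SIZE_DEMO;
}

int main(void)
{
    vaddr_t heap = 0x08050000UL;                        /* constructed heap top */
    vaddr_t wrap_len = ~0UL - heap + PAGE_SIZE_DEMO;    /* addr + len wraps to one page */
    printf("grow by 64 KiB:            %s\n", brk_request_ok(heap, 0x10000) ? "ok" : "EINVAL");
    printf("reach past TASK_SIZE:      %s\n", brk_request_ok(heap, TASK_SIZE_DEMO) ? "ok" : "EINVAL");
    printf("wrapping length, checked:  %s\n", brk_request_ok(heap, wrap_len) ? "ok" : "EINVAL");
    printf("wrapping length, no check: %s\n", brk_request_ok_no_wrap_check(heap, wrap_len) ? "ok" : "EINVAL");
    return 0;
}
```

The last two lines of output show the point of the second comparison: the same wrapped request is rejected by the full check and accepted when only the TASK_SIZE comparison is present.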

More information about the details of the attack can be found here.

4 Responses

  1. I WHAT?!!!!! Can I still somehow get onto your computer? Like…via another way? I was going to copy the Cowboy Bebop soundtrack from you…PHOOEY!

    And I just found out you didn’t get senior pictures…WHY NOT?! I know you don’t like getting your piccy taken, but do it for Mom…DO IT FOR ME! *tear*

    Our Christmas tree is outside as I speak. Mom ain’t happy about that and neither is Dad…2 weeks early! NOT GOOD!

    I got so much work to do so I can’t talk any longer.

    LOVE Amy

  2. You can still log in and everything. You just can’t exploit that security hole to get root on my system.

  3. say what?

  4. Meaning, you can no longer use the bug to get administrative privileges on my computer. That would be bad.

    Seeing as how you aren’t supposed to have administrative privileges on my computer to begin with, you can’t be too disappointed. <g>
