Kernel Exploit Cause Of Debian Compromise

Kernel Exploit Cause Of Debian Compromise 673

Posted by simoniker on Monday December 01, 2003 @05:40PM from the slightly-disturbing dept.

mbanck writes "The cause of the recent Debian Project server compromise has been published by the Debian security team: 'Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space'. This issue has been fixed in 2.4.23. Thus, the Linux kernel compromise was not Debian specific."

Kernel Exploit Cause Of Debian Compromise

This discussion has been archived. No new comments can be posted.

Search 673 Comments Log In/Create an Account

Comments Filter:

Shows the dangers of C (Score:4, Funny)

by Anonymous Coward writes: on Monday December 01, 2003 @05:42PM (#7602897)

If the kernel was coded in visual basic, this wouldn't be happening.

what kind of person... (Score:5, Funny)

by potpie ( 706881 ) writes: on Monday December 01, 2003 @05:43PM (#7602906) Journal

What kind of person spends that much time trying to find exploits in operating system kernels? Likewise, why do I spend so much time on www.thinkgeek.com/fortune.shtml? We are a sad people.

Oh... (Score:1, Funny)

by Anonymous Coward writes: on Monday December 01, 2003 @05:43PM (#7602909)

Fark. This seems to be a local exploit though. Whose the naughty one that did it? We can't have rogue members in our proud Debian society now can we? Come on, take it like a man.

Userland exploits (Score:5, Funny)

by Hayzeus ( 596826 ) writes: on Monday December 01, 2003 @05:44PM (#7602923) Homepage

The evidence mounts: users should be eliminated.

Re:Hurray for the Debian Security Team! (Score:2, Funny)

by isaac338 ( 705434 ) writes: on Monday December 01, 2003 @05:48PM (#7602960)

It obviously was known previously, as whoever cracked the Debian servers must have known about it.

Bang goes everyone's uptimes... (Score:2, Funny)

by Anonymous Coward writes: on Monday December 01, 2003 @05:49PM (#7602969)

yup... this'll make ms-windows look good on the uptime front for at least a week...

Yup (Score:5, Funny)

by ENOENT ( 25325 ) writes: on Monday December 01, 2003 @05:49PM (#7602973) Homepage Journal

Just like Nancy Reagan said: Users are Losers.

Well then they'd better get some help (Score:5, Funny)

by Hal The Computer ( 674045 ) writes: on Monday December 01, 2003 @05:51PM (#7603000)
CLIPPY:
You appear to be trying to write a kernel. Do you want to:
- Automatically make sure the Visula Basic DLL is included in your program?
- Answer some questions and have me generate a nice windows kernel for you?
- Straigten me, and turn me into a very attractive piece of modern art?
Re:Shows the dangers of C (Score:5, Funny)

by stefanlasiewski ( 63134 ) * writes: <(moc.ocnafets) (ta) (todhsals)> on Monday December 01, 2003 @05:54PM (#7603026) Homepage Journal

By 'this' do you mean the exploit wouldn't be happening? Or the Kernel?

Re:NEWSFLASH (Score:2, Funny)

by Aardpig ( 622459 ) writes: on Monday December 01, 2003 @05:56PM (#7603056)

This does not affect OpenBSD. Smart admins can sleep well tonight.

Hell, who cares, OpenBSD is dying. In fact, in Soviet Russia it's already dead...

There goes my Saturday (Score:5, Funny)

by mariox19 ( 632969 ) writes: on Monday December 01, 2003 @05:59PM (#7603100)

I had just convinced myself there was no compelling reason to upgrade my kernel from 2.4.22.

Actually, there still isn't, since the likelihood of my machine "coming under attack" is slight. But, what's the point of running Linux if you're not going to get all worked up over things like this ;-)

Happy make menuconfig to all!

Re:A shift of focus (Score:5, Funny)

by Anonymous Coward writes: on Monday December 01, 2003 @06:00PM (#7603106)

It's fun to see how security research shifted from applications to kernels lately.

Fun!? You must be Klingon.

Re:Hmm, Methinks I've Heard this theme before (Score:5, Funny)

by RetroGeek ( 206522 ) writes: on Monday December 01, 2003 @06:08PM (#7603182) Homepage

Several million others that I missed, which courteous slashdotters will point out.

I'm sorry Dave, I can't do that...

Re:How did they get in to run a userspace util? (Score:5, Funny)

by g1zmo ( 315166 ) writes: on Monday December 01, 2003 @06:13PM (#7603238) Homepage

I believe an earlier article said that it appeared that he sniffed a password to the box.

Or perhaps "she" sniffed a password?

I refuse to believe that the really hot, Debian-using, password-sniffing, root-exploiting geek girl is a myth.

Re:Well then they'd better get some help (Score:2, Funny)

by Ann Elk ( 668880 ) writes: on Monday December 01, 2003 @06:14PM (#7603246)

I always thought Clippy needed an option to eject the CDROM...

Kicking it up a notch. (Score:5, Funny)

by _Sprocket_ ( 42527 ) writes: on Monday December 01, 2003 @06:20PM (#7603306)

And they call Windows unsecure. How does crow taste, Slashdot?

Pretty good if you know how to spice it right. The trick is, knowing you've got crow to eat. How's that mystery meat you're chewing on?

(there's a joke about feeding trolls to be made in this somewhere)

Up 107 days... (Score:5, Funny)

by jehreg ( 120485 ) writes: on Monday December 01, 2003 @06:21PM (#7603318) Homepage

kc grub # uptime 17:21:06 up 107 days, 22:45, 1 user, load average: 0.35, 0.82, 0.47
Great..... there goes my uptime.....
If I have to reboot more than once per year, I'm switching to Windows.

Re:A shift of focus (Score:5, Funny)

by Frymaster ( 171343 ) writes: on Monday December 01, 2003 @06:25PM (#7603355) Homepage Journal

what i want to know is...
does this code belong to sco?

I feel your pain.... (Score:3, Funny)

by The Ape With No Name ( 213531 ) writes: on Monday December 01, 2003 @06:28PM (#7603380) Homepage

me@spyder:~$ w
17:26:24 up 168 days, 5:52, 5 users, load average: 0.70, 0.78, 1.59

D'oh. Well what to do....

--toby

Re:Up 107 days... (Score:2, Funny)

by Roadkills-R-Us ( 122219 ) writes: on Monday December 01, 2003 @06:38PM (#7603514) Homepage

If I have to reboot more than once per year, I'm switching to Windows.

Yeah, then you only have to reboot once a day!

Re:A shift of focus (Score:2, Funny)

by SlashDotAgent ( 700292 ) writes: on Monday December 01, 2003 @06:48PM (#7603628)

If only any Linux application could run on any distribution, just according to the kernel, like those exploits...

Re:A shift of focus (Score:5, Funny)

by Sloppy ( 14984 ) * writes: on Monday December 01, 2003 @06:56PM (#7603734) Homepage Journal

That's why all the smart admins have been migrating their servers over to the best platform for the job: XBox.

Re:Up 107 days... (Score:2, Funny)

by prock307 ( 513323 ) writes: <rock.sr71@net> on Monday December 01, 2003 @06:59PM (#7603764) Homepage Journal

Hmmm.... Although this could start a flame war...

I would have been up for 367 days today if some idiot didn't grab my server's keyboard instead of the M$ W2K box next to it to do a 3-finger-salute.

Needless to say I have disabled that "feature" now.

rock@phantom:~$ uptime
Unknown HZ value! (2) Assume 100.
16:47:42 up 256 days, 1:51, 1 user, load average: 0.00, 0.00, 0.00

Re:Shows the dangers of C (Score:5, Funny)

by Lussarn ( 105276 ) writes: on Monday December 01, 2003 @07:03PM (#7603810)

Why not Brainfuck [muppetlabs.com]

If you can't read your own code who else can..

Re:WHAT DID I TELL YOU TWO WEEKS AGO!?!?!? (Score:2, Funny)

by talks_to_birds ( 2488 ) writes: on Monday December 01, 2003 @07:13PM (#7603936) Homepage Journal

Linux is kernel-level exploitable.
Windows is not.
Window$ doesn't have a kernel; a rat's nest, maybe, but certainly not a kernel...
t_t_b

Re:A shift of focus (Score:5, Funny)

by Anonymous Coward writes: on Monday December 01, 2003 @07:16PM (#7603969)

"Fun!? You must be Klingon."

Today is a good day to get rooted.

Re:Time for better security. (Score:4, Funny)

by Pflipp ( 130638 ) writes: on Monday December 01, 2003 @07:28PM (#7604089)

bash Theo

Never EVER put these words together. It's like keeping the Bible next to the Koran. You'll never know just when they will auto-ignite!

Re:Up 107 days... (Score:2, Funny)

by silicon not in the v ( 669585 ) writes: on Monday December 01, 2003 @07:42PM (#7604224) Journal

Whoa! Windows crashed a Linux box just sitting next to it! I think that may be a first.

Re:Why aren't the using Debian Stable? (Score:2, Funny)

by Anonymous Coward writes: on Monday December 01, 2003 @08:22PM (#7604631)

No, I think Debian is still using kernel 2.0.0. There is going to be a new Debian release "any day now."

Re:Up 107 days... (Score:2, Funny)

by Haeleth ( 414428 ) writes: on Monday December 01, 2003 @09:18PM (#7605020) Journal

If I have to reboot more than once per year, I'm switching to Windows.

Why does everyone always make fun of Windows' uptime records? I'm proud of what my GNU/Windows box can achieve. Look...

haeleth@Cynewulf ~ $ uptime 01:21:28 up 15:37, 1 user, load average: 0.00, 0.00, 0.00

That's nearly a whole day!

Re:The kernel patch... (Score:3, Funny)

by debrain ( 29228 ) writes: on Monday December 01, 2003 @09:42PM (#7605203) Journal

but nobody realised it was an exploitable security hole until a day or two ago

I'd say someone figured it out at least a week ago [debian.org]. ;)

Patch Created September, System Rooted in November (Score:1, Funny)

by Anonymous Coward writes: on Tuesday December 02, 2003 @12:16AM (#7606284)

... hey, it's just as good as Windows!

Re:A shift of focus (Score:2, Funny)

by Net_Wakker ( 576655 ) writes: <puddingdepotNO@SPAMyahoo.com> on Tuesday December 02, 2003 @03:21AM (#7607098)

Today is a good day to get rooted.
I don't know, but ever since I saw the goatse-guy this just no longer has the same meaning...

Comment removed (Score:2, Funny)

by account_deleted ( 4530225 ) writes: on Tuesday December 02, 2003 @04:08AM (#7607224)

Comment removed based on user account deletion

Re:A shift of focus (Score:2, Funny)

by Anonymous Coward writes: on Tuesday December 02, 2003 @11:05AM (#7608678)

Yes, the secret is out. Hyper Text Markup Language is a language.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Shows the dangers of C (Score:4, Funny)

what kind of person... (Score:5, Funny)

Oh... (Score:1, Funny)

Userland exploits (Score:5, Funny)

Re:Hurray for the Debian Security Team! (Score:2, Funny)

Bang goes everyone's uptimes... (Score:2, Funny)

Yup (Score:5, Funny)

Well then they'd better get some help (Score:5, Funny)

Re:Shows the dangers of C (Score:5, Funny)

Re:NEWSFLASH (Score:2, Funny)

There goes my Saturday (Score:5, Funny)

Re:A shift of focus (Score:5, Funny)

Re:Hmm, Methinks I've Heard this theme before (Score:5, Funny)

Re:How did they get in to run a userspace util? (Score:5, Funny)

Re:Well then they'd better get some help (Score:2, Funny)

Kicking it up a notch. (Score:5, Funny)

Up 107 days... (Score:5, Funny)

Re:A shift of focus (Score:5, Funny)

I feel your pain.... (Score:3, Funny)

Re:Up 107 days... (Score:2, Funny)

Re:A shift of focus (Score:2, Funny)

Re:A shift of focus (Score:5, Funny)

Re:Up 107 days... (Score:2, Funny)

Re:Shows the dangers of C (Score:5, Funny)

Re:WHAT DID I TELL YOU TWO WEEKS AGO!?!?!? (Score:2, Funny)

Re:A shift of focus (Score:5, Funny)

Re:Time for better security. (Score:4, Funny)

Re:Up 107 days... (Score:2, Funny)

Re:Why aren't the using Debian Stable? (Score:2, Funny)

Re:Up 107 days... (Score:2, Funny)

Re:The kernel patch... (Score:3, Funny)

Patch Created September, System Rooted in November (Score:1, Funny)

Re:A shift of focus (Score:2, Funny)

Comment removed (Score:2, Funny)

Re:A shift of focus (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals