
Ah, my dear, safe and nasty bug free Linux ;)

Status
Not open for further replies.

Panajev2001a

GAF's Pleasant Genius
Nasty Linux kernel crash exploit found

Posted 06/14/2004 @ 10:33 AM, by Eric Bangeman

Linux Reviews is reporting the discovery of a kernel crash exploit that affects almost all 2.4.x and 2.6.x kernels on x86 systems. What is particularly troublesome about it is that having root privileges is not necessary. When executed by any user with shell access, the brief C program will crash the kernel, bringing the entire system to a screeching halt. It is reported that even grsecurity-patched kernels are vulnerable to the exploit. Virtually all distributions are affected, with the exception of a couple of Gentoo patches. On the following systems, all that happens is a "floating point exception" error and the code exits without doing further harm:

* Linux nudge 2.6.5-1um i686 (the user-mode Linux kernel) Dylan Smith
* Linux Kernel 2.6.4 SMP patched with staircase scheduler Guille
* Linux kernel 2.4.26-rc3-gentoo (gcc 3.3.3)
* Linux kernel 2.4.26_pre6-gentoo (gcc 3.3.2)
* 2.2.19-kernel

It is unclear why these specific Gentoo patch sets of the 2.4.26 kernel are safe. Other versions of the Gentoo kernel are not.

Generally, to do serious harm to a Linux system, one needs root access, but this small program is the exception to that. We tried it out in the Orbiting HQ and it worked as advertised, hard-locking the test machine and requiring a reboot. The crash also left the hard drive "dirty," requiring a fsck. Unfortunately, the possibilities of how this could be used are numerous. For instance, one could stick the program in a cron job on a shared web server and wreak all sorts of havoc on the webhost.

There are some workarounds available - Linux Reviews has a few, and it is certain that more will soon be circulating on Linux mailing lists. Aside from crashing your system and dirtying your drive, the exploit will not do any lasting damage to your system. However, given the nature of this exploit, it will likely prove to be a major inconvenience for many until patches are widely available.

http://www.arstechnica.com
 