Brad Spengler Exposes Exploit in Linux Kernel 2.6.31

Sep 18, 2009

The developer behind the grsecurity.net security portal, Brad Spengler, has released videos on the Web that demonstrate a security hole in the current Linux kernel.

Brad Spengler (alias Spender) is a well-known figure in the Linux security field, and publishing the videos on his YouTube channel certainly lends his case credibility. The videos show that the exploit uses a buffer overflow in perf_counter after a kernel crash and that it also bypasses SELinux.

As Spengler shows in his video, the Kernel 2.6.31 security hole also applies to 64-bit systems.

Spengler recently followed up his video of the exploit on a 32-bit system with one showing it on 64-bit Ubuntu. He intends to publish details soon. Fortunately, the exploit is currently not freely circulating.

Comments

  • How to mitigate such risks..

    Hi guys,

    At our IT Security Conference, AthCon, www.athcon.org which will be hosted in Athens, Greece in Q2 2010, we'll be discussing how to mitigate such vulnerabilities in production code & how to thwart null pointer dereference vulnerabilities once & forever.

    - AthCon team.