Security researchers have discovered three privilege escalation vulnerabilities in the Linux kernel that have managed to avoid detection since 2006.
Cybersecurity company GRIMM found the vulnerabilities lurking in the kernel’s iSCSI (Small Computer System Interface) subsystem that can be exploited to gain root privileges on Linux machines.
“Unlike most things that we find gathering dust, these bugs turned out to still be good, and one turned out to be usable as a Local Privilege Escalation (LPE) in multiple Linux environments,” says GRIMM security researcher Adam Nichols who discovered the bugs.
Getting to the root
Nichols believes the bugs were introduced during the early development of the iSCSI module over a decade and half ago. The module helped access shared data storage facilities.
As Nichols notes, while SCSI is still in use today its use isn’t as prevalent as it was back in the day. This is why the vulnerable module isn’t loaded by default on most desktop distros. Another saving grace of sorts is that the bugs exist in a piece of code that isn’t remotely accessible, which means the attackers need physical access to the device to exploit them.
However, this still makes them potentially dangerous because of how the kernel handles modules. “The Linux kernel loads modules either because new hardware is detected or because a kernel function detects that a module is missing. The latter implicit autoload case is more likely to be abused and is easily triggered by an attacker, enabling them to increase the attack surface of the kernel,” reasons Nichols.
Patches for all three vulnerabilities have been added to the mainline kernel last week, and have also been backported to other Long Term Support (LTS) kernel branches currently supported.
However, just like the decade old sudo vulnerability, the discovery of the iSCSI bugs again highlights the need to revise Eric S. Raymond’s famous “given enough eyeballs, all bugs are shallow” maxim.
The complexity of modern day kernel development, and the increasing number of collaborators, puts an increased onus on the eyeballs that are hunting for kernel vulnerabilities, which would explain the recent interest of tech giants such as Google, IBM, GitHub and others collaborating to bolster the security of the Linux kernel.
Via: Bleeping Computer
