Researcher behind Linux Kernel flaw explains motives

Interview

Researcher behind Linux Kernel flaw explains motives

Bill Brenner, Senior News Writer

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

It was trivially exploitable in a matter of minutes and the exploit code was ready long before vendors managed to prepare and distribute updated kernel packages for their customers.
Wojciech Purczynski,
security researcherCOSEINC
Did you discover the Linux Kernel flaw?
Yes, I discovered this flaw three or four weeks ago. Describe the sequence of events.
I was quite busy doing some other tasks here at COSEINC so I had to postpone publication of the vulnerability. But on Feb. 1 I made initial contact with The Red Hat Security Response Team, then we contacted with kernel developers so they could provide a quick fix for this vulnerability. Explain the severity of the vulnerability and why, since it involves the kernel, IT administrators in Linux-based environments should be concerned.
This was one of the most critical flaws seen so far in the Linux Kernel, not counting vulnerabilities that can be exploited remotely. It was trivially exploitable in a matter of minutes and the exploit code was ready long before vendors managed to prepare and distribute updated kernel packages for their customers. Are you surprised that exploit code was released for this so quickly?
Why should I be? There are numerous exploits published each day. [Qaaz] decided to share his zero-day with us without prior contact with the vendor to prepare the patch. Bad luck this time. Maybe better luck next time?
Linux Kernel flaw:
Linux Kernel attack code worries security experts It may not be remotely exploitable, but security experts say Linux Kernel flaws could spell trouble for Linux-based IT shops. The release of attack code has heightened concern.
In addition to installing the patch, what are steps IT shops should be taking to mitigate the threat?
After installing the patch the threat is over. That said, each company should have its own security policy applied whenever there is a probability that some systems could have been compromised. This looks like a locally-exploited issue. Is this something where companies need to be worried about a malicious insider taking advantage to do some damage?
It is trivially exploitable and the code is publicly available. The exploit is very reliable and each attack attempt should result in system compromise on vulnerable systems. It won't give you any warnings, and it won't leave any traces. Let that speak for itself.