Interview

Researcher behind Linux Kernel flaw explains motives

Bill Brenner

    Requires Free Membership to View

It was trivially exploitable in a matter of minutes and the exploit code was ready long before vendors managed to prepare and distribute updated kernel packages for their customers.
Wojciech Purczynski,
security researcherCOSEINC
Did you discover the Linux Kernel flaw?
Yes, I discovered this flaw three or four weeks ago. Describe the sequence of events.
I was quite busy doing some other tasks here at COSEINC so I had to postpone publication of the vulnerability. But on Feb. 1 I made initial contact with The Red Hat Security Response Team, then we contacted with kernel developers so they could provide a quick fix for this vulnerability. Explain the severity of the vulnerability and why, since it involves the kernel, IT administrators in Linux-based environments should be concerned.
This was one of the most critical flaws seen so far in the Linux Kernel, not counting vulnerabilities that can be exploited remotely. It was trivially exploitable in a matter of minutes and the exploit code was ready long before vendors managed to prepare and distribute updated kernel packages for their customers. Are you surprised that exploit code was released for this so quickly?
Why should I be? There are numerous exploits published each day. [Qaaz] decided to share his zero-day with us without prior contact with the vendor to prepare the patch. Bad luck this time. Maybe better luck next time?
Linux Kernel flaw:
Linux Kernel attack code worries security experts It may not be remotely exploitable, but security experts say Linux Kernel flaws could spell trouble for Linux-based IT shops. The release of attack code has heightened concern.
In addition to installing the patch, what are steps IT shops should be taking to mitigate the threat?
After installing the patch the threat is over. That said, each company should have its own security policy applied whenever there is a probability that some systems could have been compromised. This looks like a locally-exploited issue. Is this something where companies need to be worried about a malicious insider taking advantage to do some damage?
It is trivially exploitable and the code is publicly available. The exploit is very reliable and each attack attempt should result in system compromise on vulnerable systems. It won't give you any warnings, and it won't leave any traces. Let that speak for itself.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: