| QUESTION & ANSWER |
Researcher behind Linux Kernel flaw explains motives |
 |
By Bill Brenner, Senior News Writer
14 Feb 2008 | SearchSecurity.com |
|
|
When a vulnerability researcher discloses a flaw in a widely-used operating system or application, some IT professionals question the motive. Such has been the case with a Linux Kernel flaw that was disclosed last week. Wojciech Purczynski, a researcher with Singapore-based security firm COSEINC, discovered the flaw, and a researcher using the online name "Qaaz" followed it up with attack code. Qaaz declined an interview request, but Purczynski did answer some questions in an email exchange. In this Q&A, he explains how he reported the security hole and why Linux users should take his findings seriously.
|
|
|
|
|
It was trivially exploitable in a matter of minutes and the exploit code was ready long before vendors managed to prepare and distribute updated kernel packages for their customers.
Wojciech Purczynski,
security researcher, COSEINC
|
|
|
|
|
|
|
|
|
|
Did you discover the Linux Kernel flaw?
Wojciech Purczynski: Yes, I discovered this flaw three or four weeks ago.
Describe the sequence of events.
Purczynski: I was quite busy doing some other tasks here at COSEINC so I had to postpone publication of the vulnerability. But on Feb. 1 I made initial contact with The Red Hat Security Response Team, then we contacted with kernel developers so they could provide a quick fix for this vulnerability.
Explain the severity of the vulnerability and why, since it involves the kernel, IT administrators in Linux-based environments should be concerned.
Purczynski: This was one of the most critical flaws seen so far in the Linux Kernel, not counting vulnerabilities that can be exploited remotely. It was trivially exploitable in a matter of minutes and the exploit code was ready long before vendors managed to prepare and distribute updated kernel packages for their customers.
Are you surprised that exploit code was released for this so quickly?
Purczynski: Why should I be? There are numerous exploits published each day. [Qaaz] decided to share his zero-day with us without prior contact with the vendor to prepare the patch. Bad luck this time. Maybe better luck next time?
|
| Linux Kernel flaw: |
| Linux Kernel attack code worries security experts It may not be remotely exploitable, but security experts say Linux Kernel flaws could spell trouble for Linux-based IT shops. The release of attack code has heightened concern. |
|
|
|
|
In addition to installing the patch, what are steps IT shops should be taking to mitigate the threat?
Purczynski: After installing the patch the threat is over. That said, each company should have its own security policy applied whenever there is a probability that some systems could have been compromised.
This looks like a locally-exploited issue. Is this something where companies need to be worried about a malicious insider taking advantage to do some damage?
Purczynski: It is trivially exploitable and the code is publicly available. The exploit is very reliable and each attack attempt should result in system compromise on vulnerable systems. It won't give you any warnings, and it won't leave any traces. Let that speak for itself.
|
|
|
|
