An exploit called “Mempodipper,” published on January 21, 2012, enables normal users to escalate their privileges, giving them root access to a machine. This exploit affects Linux kernel versions >= 2.6.39. It has been reported that major Linux distros and vendors have been notified of this vulnerability and are planning to release patches to defeat the exploit.
But the question is… How serious is this exploit? Does it even work? Before I wrote this article, I cloned the author’s git repo and tried to run the code on my Arch box. At first, it didn’t work, since the way Arch Linux devs compile their apps defeats the way the exploit works. So I checked out the Fedora branch and hit build! It turns out my box is vulnerable. I’ve successfully elevated my access from a normal user to the superuser without even entering the root password.
Anyway, what threats does this exploit pose? One scenario where this exploit could do a lot of damage is web hosting services that offer SSH access to their users. This could be used as an entry point for script kiddies and other unscrupulous users to meddle with other users’ accounts and deploy malware. Unsuspecting users might not even know that their supposedly innocent site is distributing exploits and malware to visitors.
The level of risk depends on how fast the distro pushes updates to its users: the time between the exploit’s release and the vendor/distro response is critical. The longer the response time, the greater the risk for users as the exploit receives publicity. Arch Linux (the distro that I’m using) released the patch three days after the exploit was made public. Hats off to them for a timely response! I could probably have a good night’s sleep starting tonight!
A reminder to our dearest readers…make sure to update your system regularly!