Linux Kernel attack code worries security experts

Two researchers have been credited with finding the issues -- Wojciech Purczynskiof iSEC Security Research and a researcher using the online name Qaaz. The latter researcher has released exploit code for the kernel via the MilwOrm.com site. At the time of writing, neither researcher had responded to emailed requests for comment.

Mari Kirby Nichols, a handler for the Bethesda, Md.-based SANS Internet Storm Center, said the issues are potentially serious, despite low threat ratings given by the likes of Secunia.

"I believe Secunia has correctly identified this vulnerability as a local system vulnerability, but given that every server with a vulnerable kernel can be exploited to get elevated privilege, any unprivileged remote exploit can combine with it to form a remote root-level exploit," she said. "Additionally, a problem with not ranking it higher is that the servers that run this kernel may contain critical data."

She added that kernel-level access is the best there is, so it doesn't make sense to take this vulnerability lightly on mission critical or sensitive data systems.

Secunia typically reserves "less critical" status to flaws with a limited attack surface. But it is often applied to cross-site scripting and privilege escalation vulnerabilities, including flaws that allow the exposure of sensitive data to local users. Secunia Chief Technology Officer Thomas Kristensen said that under his company's rating system, purely local issues will never be rated anything more than "less critical."

"This is simply because either you need to be a trusted local user (if you aren't trusted, you shouldn't have physical access to a console) or you must have gained access in an illegitimate manner such as exploiting a vulnerability with a remote vector [to exploit something like this]," he said.