Sounds painful: Audio code bug lets users, apps get root on Linux

An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it …

  1. Will Godfrey Silver badge
    Meh

    Really?

    I see there's that magic word 'local'.

    I shall proceed to not panic.

    1. Anonymous Coward

      Re: Really?

      Do you really believe all successful attacks are made using a single remotely exploitable vulnerability? Keep on feeling safe, while people rummage around your systems...

      1. Anonymous Coward

        Re: Really?

        Word on the street is that if a random person can get code to run on your machine, the game's already over. But this would be that other game: trying to clamp down the certainty around the people you hope you can trust that much, like if they work for you[r boss] and log in on your network.

        P.S. I really believe that's a straw man

  2. Ken Hagan Gold badge

    Huh?

    I realise this is all pre-publication, so the lack of detail isn't surprising, but I'm struggling to understand how this works. If the attacking thread is in the same process as the victim, how can it be a privilege elevation and why wouldn't it just create its own port and then attack that? If, on the other hand, it is in a different process, then presumably ALSA has placed some kind of security mechanism around its ports. (If it hasn't, that's a hideous design error, but presumably it would have been spotted yonks ago.)

  3. Anonymous Coward
    Linux

    Many eyes!

    But all looking at pr0n...

    1. CAPS LOCK

      Re: Many eyes!

      Oh Carter, here we were thinking you might have something original to say. Maybe next time...

      1. Teiwaz

        Re: Many eyes!

        > Oh Carter, here we were thinking you might have something original to say. Maybe next time...

        Hmm, high use of the 'Pron' term - possibly more often than Bender was known to say 'ass'.

        Way more than 'chumpette' anyway.

      2. JLV
        Trollface

        Re: Many eyes!

        >here we were thinking you might have something original to say

        Speak for yourself.

        I was thinking no such thing ;-)

  4. conscience
    FAIL

    Oh for FUDs sake

    It didn't take you Microsofties long to start posting the same old tired PR/FUD. Haven't you got any new material? At least then we wouldn't have to repeatedly read the same tired fanboi drivel.

    Besides, people in glass houses and all that: there were 60+ fixes for nasty Windows/MS software vulnerabilities in the last round of patching that leaky cheese that Microsoft call finished software products.

    https://www.theregister.co.uk/2017/10/10/october_2017_microsoft_windows_patch_tuesday/

    With software as insecure as Microsoft sell, I'd be more careful mentioning security if I were you, just in case it drew attention to the fact Linux, while not perfect, is still far more secure than anything Microsoft has ever made.

    1. Anonymous Coward

      Re: Oh for FUDs sake

      What Microsoft posts? Not seen one yet at time of your posting?

      Are you trying to pre-empt one to be cool, whereas you're just looking a bit of a twat at the moment.

      1. Aodhhan

        Re: Oh for FUDs sake

        I was thinking the same thing..

        Just another 'pud' to reinforce the concept, "half the people you come across are below average intelligence".

        If you want to be closed minded enough to think one OS is superior to another, fine. Just don't try to throw your crap here. Most of us are professional enough to become proficient on more than one OS; as opposed to sticking to one, and attempting to belittle the rest.

        1. conscience

          Re: Oh for FUDs sake

          Aodhhan: "If you want to be closed minded enough to think one OS is superior to another, fine. Just don't try to throw your crap here. Most of us are professional enough to become proficient on more than one OS; as opposed to sticking to one, and attempting to belittle the rest."

          Straw man and you know it.

          Once you move beyond insults and assumptions, I agree with the rest of your post RE closed minds.

          Funnily enough, I was just making that exact point to JJ Carter. I was merely pointing out how tedious it is to always have comments like JJ's closed-minded and unnecessary digs at OSS spoiling the discussions. Why was there any need to bring open/closed source into it? This was a simple programming error and could have been on any system, even JJ's OS of choice (another point I made with my link).

      2. conscience

        Re: Oh for FUDs sake

        Pre-emptive? Oh come on, it is only ever a matter of time until JJ brings the subject around to MS superiority and/or their rivals' inferiority in some way, e.g. the "many eyes" comment. Check the post history, JJ has probably posted that exact comment more times than I have ever posted here.

        1. Sir Runcible Spoon

          Re: Oh for FUDs sake

          Gentle-persons, please - we only feed the trolls around here when it's funny :)

        2. Kiwi
          Linux

          Re: Oh for FUDs sake

          > Check the post history, JJ has probably posted that exact comment more times than I have ever posted here.

          Let's see.. Your posts : 57 (at time of my posting).

          JJ's "many eyes" comments... : [oblig xkcd]

    2. Anonymous Coward

      Re: Oh for FUDs sake

      "there were 60+ fixes for nasty Windows/MS software vulnerabilities in the last round of patching "

      That's across ALL Microsoft products. Google beat that with Android alone.... Which of course is OSS / Linux based. Linux is no better than Windows in that regard. If not as a typical distribution much worse.

  5. Anonymous Coward
    Linux

    Kernel vulnerable to privilege escalation

    “The vulnerability is due to a use-after-free memory error” in x86 code running on the Intel Platform. I've taken the liberty of correcting the title as you accidentally mentioned the actual platform involved.

  6. JulieM Silver badge

    I smell dysangelism .....

    Most of the rack-mount servers I have encountered lack onboard sound, and so none of the ALSA modules get loaded. Contrariwise, most of the machines I have encountered which have some form of sound card tend to be on the inside of a LAN, without SSH forwarded through the router.

    Either I'm somewhere really atypical, or this might not be as serious as some are making out.

    1. Anonymous Coward

      Re: I smell dysangelism .....

      Ever heard about "lateral movement"?

      1. JulieM Silver badge

        Re: I smell dysangelism .....

        No, but I have heard of a buried spade ..... Such as when you have to have root access in order to load up a buggy kernel module that might grant you root access.

        1. Anonymous Coward

          Re: I smell dysangelism .....

          Elevation of privilege bugs are exactly those that don't require root to become root. And lateral movement means you jump from system to system - exploiting each system's vulnerabilities, to thoroughly p0wn a network. Do you really believe only front-end servers are p0wned? And that intruders are interested only in front-end ones for spam botnets and DDoS? And are not interested in going deep into a network? They usually expect the most valuable data aren't on front-end systems. And getting into a sysadmin machine while he or she listens to some pirated music helps a lot to gain more privileges....

          1. Anonymous Coward
            Trollface

            Re: I smell dysangelism .....

            P.P.S. I really believe this might be the same AC

    2. Steve Graham

      Re: I smell dysangelism .....

      Even PCs with sound cards don't need the ALSA sequencer module unless they're connected to a MIDI musical instrument.

      (I have one such Linux box, driving a Roland synth.)
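Added example (not part of the comment thread or the article): a shell check for the point made in the comment above, reporting whether the ALSA sequencer module is loaded on a host and whether anything is using it. It assumes the module name `snd_seq` and the device node `/dev/snd/seq`; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Report whether the ALSA sequencer is present on a host.
# Paths are parameters so the check can run against constructed sample files.

# seq_module_state FILE -> prints "loaded:<refcount>" or "absent"
seq_module_state() {
    modules_file=${1:-/proc/modules}
    # /proc/modules columns: name size refcount users state address
    awk '$1 == "snd_seq" { print "loaded:" $3; found = 1 }
         END { if (!found) print "absent" }' "$modules_file"
}

# seq_exposure FILE DEV -> one-word verdict
seq_exposure() {
    state=$(seq_module_state "${1:-/proc/modules}")
    dev=${2:-/dev/snd/seq}
    case $state in
        loaded:0) echo "loaded-idle" ;;    # loaded, nothing holds it: safe to unload
        loaded:*) echo "loaded-in-use" ;;  # another module or an open device holds it
        *)  # Not listed as a module: it may be built in, so look for the device node.
            if [ -e "$dev" ]; then
                echo "builtin-or-device-present"
            else
                echo "not-present"
            fi ;;
    esac
}

# Demo on a constructed /proc/modules excerpt (not real host data).
sample=$(mktemp)
cat > "$sample" <<'EOF'
snd_seq_midi 16384 0 - Live 0x0000000000000000
snd_seq 65536 1 snd_seq_midi, Live 0x0000000000000000
e1000e 245760 0 - Live 0x0000000000000000
EOF
echo "constructed sample: $(seq_exposure "$sample" /nonexistent)"
rm -f "$sample"

# On a real host, call seq_exposure with no arguments. A machine with no MIDI
# gear that reports loaded-idle can keep the module out with a
# "blacklist snd_seq" line in a file under /etc/modprobe.d/.
```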

  7. HAL-9000

    Uhh?!

    Without standing on top of a very tall mountain shouting admire my ignorance, but don't CISCO make network gear? More specifically why would their products' embedded OS have ALSA installed?

    More to the point: https://www.cvedetails.com/vulnerability-list/vendor_id-26/Microsoft.html (50+ for September alone, some quite good ones too: red)

    Of course CVEs don't mean much on their own

    1. JulieM Silver badge

      Re: Uhh?!

      It wouldn't; because ALSA is part of the Linux kernel, which is GPL2, whereas Cisco kit runs a BSD-derived, proprietary embedded OS.

  8. Anonymous Coward

    Patch October

    And here was I thinking that maybe for once, we'd have a month go by without a Linux vulnerability.

    Silly me.

    It's sad seeing the muppets here jumping through hoops to defend something using arguments that they would laugh at if an MS user used with the same justification.

    Loads of criticisms of Flash on Windows, but "Linux servers don't use sound".

    Seeing as ALSA is built into the default kernel, you are more likely to find ALSA in Linux servers than Flash in Windows servers.

    I'm still waiting for the sanctimonious "well, my distribution has already released a fix, and I've patched my machine" from people who laugh at published Windows exploits that are also published when a fix is available.

    How about the tired old line "if the OS was properly written with the proper security separations, this sort of severe bug wouldn't be possible?" - It seems to be strangely absent here.
