Learn from 'Month of Kernel Bugs'

G00144700

Analyst(s):

  Free preview of Gartner research

Summary

The Month of Kernel Bugs is a serious wake-up call about the vulnerability of the most fundamental element of the operating system. Begin preparing now for more, and more damaging, attacks against the OS kernel.

News Analysis

Event

On 1 November 2006, independent security researchers launched a campaign called the Month of Kernel Bugs that targets flaws in operating system (OS) kernels. The researchers plan to release one new exploit targeting an unpatched flaw in an OS kernel each day of November. The first exploits released target Apple PowerBook wireless drivers; others target other OSs, including Linux and Windows. More details are available at http://kernelfun.blogspot.com .

Analysis

The Month of Kernel Bugs highlights the poorly understood but growing threat of flaws in the kernel — the most fundamental part of any OS. The kernel is typically hardened, and therefore better-protected than other software elements; it is also technically more challenging to leverage a damaging attack in the kernel, because many user-based OS functions are located at a higher level. However, because anything running in the kernel is completely trusted, an attacker with the necessary skills can take full control of the exploited system from the kernel. The most common vectors for kernel attacks are flaws in file systems and device drivers.

The Month of Kernel Bugs was inspired by a recent advance in the security research community: the free availability of "fuzzing" tools. Fuzzing is an automated software testing process that uses a tool to rapidly create randomly generated, often malformed input data until the process being tested crashes; these tools are particularly effective in discovering software vulnerabilities in device drivers and file systems. A second advance, the incorporation of kernel exploits into the free Metasploit penetration testing tool, is a very early indication that the complex exploitation of kernel flaws will be simplified in the future. Metasploit significantly reduces the skill level required to launch remote security exploits, in some cases eliminating the complexity of working directly in the kernel. Metasploit's kernel module (currently under development for the Windows OS only) will focus on leveraging remote kernel exploits, predominantly local wireless attacks.

These twin developments will help to automate the vulnerability discovery process and simplify the exploit process for a subset of these vulnerabilities. Most of the vulnerabilities revealed in the Month of Kernel Flaws are expected to focus on Unix-based local vulnerabilities and cross-platform wireless flaws. All parties with a stake in OS integrity — including hardware and software vendors and enterprises using the affected OSs — should take the Month of Kernel Bugs as a serious wake-up call about the vulnerability of the OS kernel.

Recommendations

  • Hardware and software vendors: Move immediately to improve the testing of software, especially device drivers and operating system code, using "fuzzing" techniques.

  • Enterprises: Add device driver configuration and patching to your vulnerability management processes, but remember that even among computers using the same hardware version, internal devices — and therefore drivers — may vary.

Recommended Reading

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)

© 2006 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

Contact us online

  Research

More  

  Webinars

More  

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more