Check Point releases the patch for Linux memory corruption security hole
This Linux vulnerability has been known for years but never patched. Now, thanks to Check Point researchers, the Linux memory corruption vulnerability is finally patched. If you are a Linux user, you would know about the security vulnerability hiding in the GNU C Library (glibc).
GNU C Library handles the C programming language implementation. The vulnerability existed in how the GNU C Library dealt with single-linked-lists. The handling caused a dynamic memory management security hole that could be used for denial of service (DoS) attacks. For years, this vulnerability has been known but never patched. Now, Check Point, has issued an open-source patch for the vulnerability.
Check Point had been working on how the smart light bulbs could be used to hack into networks by exploiting unprotected single-linked-lists when its researchers found that this vulnerability is similar to the Linux GNU C Library flaw.
How does Checkpoint’s GNU C Library fix work?
The Safe-Linking Mechanism protects Linux malloc by signing its single-linked-list pointers with random numbers derived from Linux’s Address Space Layout Randomization (ASLR) functionality. The safe-linking mechanism can now be used in combination with the memory chunk alignment integrity checks to stop the DoS attacks
Check Point has integrated the patch with glibc.
While exploit developers have been aware of this problem for many years now, the developers of the libraries weren’t aware of a problem — so nothing got fixed. By giving developers the feedback, along with an idea for a fix, we managed to close this issue once and for all. Linux users should be aware of this update and make sure they switch to using the most updated version of their standard library, once it gets released.
Eyal Itkin, Check Point Security