Topic: Bug exposes eight years of Linux kernel: Passes it's-not-crying-wolf test  (Read 2574 times)

0 Members and 1 Guest are viewing this topic.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
...read more
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dash Jones

  • Sub-Commander of the Dark Side
  • Captain
  • *
  • Posts: 6477
  • Gender: Male
In other news, MS also has a similar vulnerability, and now the newest version of this Trojan can also use your Windows Media Player, OR another player to hack into your Boot portion of the Hard drive and screw it over.

This Trojan keeps getting worse and worse (the programmers keep refining it) and yet MS still really hasn't done much to prevent it.  They put in a stop gap measure and warning about it, but their stop gap at this point, from someone's machine which had the latest and greatest, shows that they've overcome MS's stop gap as well.

Of course he probably shouldn't have been going to the sites he was visiting in the first place...but this one is live and operating in the internet wilds...is the Linux one actually exploited like the MS one is yet?
"All hominins are hominids, but not all hominids are hominins."


"Is this a Christian perspective?

Now where in the Bible does it say if someone does something stupid you should shoot them in the face?"

-------

We have whale farms in Jersey.   They're called McDonald's.

There is no "I" in team. There are two "I"s in Vin Diesel. screw you, team.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
From my understanding this is a local exploit, you need to be at the machine for it to work, no "drive by" attacks.  Also it is already patched.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
From my understanding this is a local exploit, you need to be at the machine for it to work, no "drive by" attacks.  Also it is already patched.

Incorrect.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
In other news, MS also has a similar vulnerability, and now the newest version of this Trojan can also use your Windows Media Player, OR another player to hack into your Boot portion of the Hard drive and screw it over.

This Trojan keeps getting worse and worse (the programmers keep refining it) and yet MS still really hasn't done much to prevent it.  They put in a stop gap measure and warning about it, but their stop gap at this point, from someone's machine which had the latest and greatest, shows that they've overcome MS's stop gap as well.

Of course he probably shouldn't have been going to the sites he was visiting in the first place...but this one is live and operating in the internet wilds...is the Linux one actually exploited like the MS one is yet?

Interesting. Maybe if you post a link to the article describing this "Media Player exploit"--which is not a kernal level exploit--I might be able to give you an answer Dash.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
From my understanding this is a local exploit, you need to be at the machine for it to work, no "drive by" attacks.  Also it is already patched.

Incorrect.

You really do need to specify which part is incorrect.

I went to the links at the end of the article  you quoted and found this:

Quote
This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero containing code to be executed with privileges of the kernel, and then trigger a vulnerable operation using a sequence like this:

Local privilege.  At the least this becomes a multi level attack where  you must launch one successful attack to get local privileges then attack this flaw to get to root access.

Quote
-------------------
Solution
-----------------------

Linus committed a patch correcting this issue on 13th August 2009.


So the patch is in.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Good. Now to get folks to apply it.

EDIT: Which the article and posts like this make people aware of that there is a problem that needs to be fixed.

MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline KBF-Kurok

  • Lt.
  • *
  • Posts: 829
  • Gender: Male
With Ubuntu and Linux mint the upgraded Kernels are made available as soon as they are finished and tested. It is really a simple matter of  letting the updater do its thing and then rebooting into the new Kernel. The problem i have with windows is  there are always some kinda security updates and patching almost daily gets to be a real pita. Also windows does alot of stop gap stuff that needs to be repatched over and over again that leaves your puter exposed. I like how Linux does things and their patches usually fix the problem not work around it.
Of course as i write this in dl all the drivers for xp and getting ready to reinstall it because OP dosent work correctly in nix.
Kurok

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Toasty0 be dense. Toasty0 no understand. Toasty0 make post to alert Linux users about a possible security issue that need be addressed. Some forum members respond with rant about another OS "being worse".   ::)

How one link to other is mystery to Toasty0.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista