Announcement

Collapse
No announcement yet.

Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Phoronix: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code...

    http://www.phoronix.com/vr.php?view=MTMxMTg

  • #2
    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.

    Comment


    • #3
      Glad I'm still on 3.2.

      Comment


      • #4
        Originally posted by Cthulhux View Post
        Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
        You don't think these sorts of things happen all the time on closed-source operating systems? The fact that local privilege escalation and DOS attacks are even news on Linux systems when most of the big concerns on windows are remote security exploits shows just how much more secure Linux is.

        Comment


        • #5
          I hope that this bug will be fixed asap.

          Comment


          • #6
            Originally posted by Cthulhux View Post
            Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
            Oh go away windows troll. On windows, this would have been hidden for 6 months (or longer) until some worm or trojan would exploit it and build a botnet, then microsoft would have conspired with FBI to arrest foreign citizens and confiscate their property just to get one botnet shut down, whose existence was their fault anyway, and then maybe in a couple of weeks, one beautiful patch tuesday, a fix might be posted...

            At least on linux, when a vulnerability is found, it gets fixed snappily. With linux, the exploits are usually found BEFORE they get to be exploited.

            Oh and before you get all "i use mac, not windows", I don't care, they're interchangeable to me. Mapplesoft, mipple, just different sides of the same shitty coin.

            Comment


            • #7
              "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."
              ...A Buffer Overflow attack? Really?

              Seriously people: Bounds checking.

              Comment


              • #8
                http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
                It is obvious that there is range check missing for user sent data.
                This bug is present because developers
                1. inserted security hole intentionally
                2. are retards

                Comment


                • #9
                  Originally posted by JS987 View Post
                  http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
                  It is obvious that there is range check missing for user sent data.
                  This bug is present because developers
                  1. inserted security hole intentionally
                  2. are retards
                  they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                  ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.

                  Comment


                  • #10
                    Originally posted by Detructor View Post
                    they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                    ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.
                    I was just going to say that C has got to be the worst language imaginable.

                    Comment


                    • #11
                      Reminds me of openbsd backdoor

                      Originally posted by JS987 View Post
                      http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
                      It is obvious that there is range check missing for user sent data.
                      This bug is present because developers
                      1. inserted security hole intentionally
                      2. are retards

                      A kernel developer who can submit kernel fix or module shall be good enough to avoid this pre-school level traps/bombs.

                      So the only problem is who he is and for whom he is working? Phoronix has an issue tracing back tool?

                      It is just slightly better than openbsd that it does not take 10 years to be discovered.

                      Comment


                      • #12
                        Originally posted by johnc View Post
                        I was just going to say that C has got to be the worst language imaginable.
                        that's why it is dominating the world.

                        Comment


                        • #13
                          Originally posted by Detructor View Post
                          they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                          ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.
                          C++ also support exceptions
                          http://www.cplusplus.com/reference/vector/vector/at/
                          GCC also can check array access, but not for C
                          -fbounds-check
                          For front ends that support it, generate additional code to check that indices used to access arrays are within the declared range. This is currently only supported by the Java and Fortran front ends, where this option defaults to true and false respectively.

                          Comment


                          • #14
                            Originally posted by nullone View Post
                            A kernel developer who can submit kernel fix or module shall be good enough to avoid this pre-school level traps/bombs.

                            So the only problem is who he is and for whom he is working? Phoronix has an issue tracing back tool?

                            It is just slightly better than openbsd that it does not take 10 years to be discovered.
                            David S. Miller is Red Hat employee
                            http://en.wikipedia.org/wiki/David_S._Miller

                            Comment


                            • #15
                              Well, I'm glad I'm using debian testing, which is so ancient that it is still on 3.2 kernel..
                              Yeah, I bet all of you are jealous of me now..

                              Comment

                              Working...
                              X