Page 1 of 7 123 ... LastLast
Results 1 to 10 of 67

Thread: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

  1. #1
    Join Date
    Jan 2007
    Posts
    13,432

    Default Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Phoronix: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code...

    http://www.phoronix.com/vr.php?view=MTMxMTg

  2. #2
    Join Date
    Oct 2012
    Posts
    210

    Default

    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.

  3. #3
    Join Date
    Jan 2013
    Posts
    1,354

    Default

    Glad I'm still on 3.2.

  4. #4
    Join Date
    Feb 2011
    Posts
    943

    Default

    Quote Originally Posted by Cthulhux View Post
    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
    You don't think these sorts of things happen all the time on closed-source operating systems? The fact that local privilege escalation and DOS attacks are even news on Linux systems when most of the big concerns on windows are remote security exploits shows just how much more secure Linux is.

  5. #5
    Join Date
    Feb 2013
    Posts
    55

    Default

    I hope that this bug will be fixed asap.

  6. #6
    Join Date
    Jan 2013
    Posts
    1,354

    Default

    Quote Originally Posted by Cthulhux View Post
    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
    Oh go away windows troll. On windows, this would have been hidden for 6 months (or longer) until some worm or trojan would exploit it and build a botnet, then microsoft would have conspired with FBI to arrest foreign citizens and confiscate their property just to get one botnet shut down, whose existence was their fault anyway, and then maybe in a couple of weeks, one beautiful patch tuesday, a fix might be posted...

    At least on linux, when a vulnerability is found, it gets fixed snappily. With linux, the exploits are usually found BEFORE they get to be exploited.

    Oh and before you get all "i use mac, not windows", I don't care, they're interchangeable to me. Mapplesoft, mipple, just different sides of the same shitty coin.

  7. #7
    Join Date
    Jun 2012
    Posts
    307

    Default

    "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."
    ...A Buffer Overflow attack? Really?

    Seriously people: Bounds checking.

  8. #8
    Join Date
    Sep 2012
    Posts
    311

    Default

    http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
    It is obvious that there is range check missing for user sent data.
    This bug is present because developers
    1. inserted security hole intentionally
    2. are retards

  9. #9
    Join Date
    Sep 2008
    Posts
    251

    Default

    Quote Originally Posted by JS987 View Post
    http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
    It is obvious that there is range check missing for user sent data.
    This bug is present because developers
    1. inserted security hole intentionally
    2. are retards
    they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

    ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.

  10. #10
    Join Date
    May 2011
    Posts
    1,295

    Default

    Quote Originally Posted by Detructor View Post
    they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

    ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.
    I was just going to say that C has got to be the worst language imaginable.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •