Announcement

Collapse
No announcement yet.

Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Phoronix: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.

    Comment


    • #3
      Glad I'm still on 3.2.

      Comment


      • #4
        Originally posted by Cthulhux View Post
        Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
        You don't think these sorts of things happen all the time on closed-source operating systems? The fact that local privilege escalation and DOS attacks are even news on Linux systems when most of the big concerns on windows are remote security exploits shows just how much more secure Linux is.

        Comment


        • #5
          I hope that this bug will be fixed asap.

          Comment


          • #6
            Originally posted by Cthulhux View Post
            Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
            Oh go away windows troll. On windows, this would have been hidden for 6 months (or longer) until some worm or trojan would exploit it and build a botnet, then microsoft would have conspired with FBI to arrest foreign citizens and confiscate their property just to get one botnet shut down, whose existence was their fault anyway, and then maybe in a couple of weeks, one beautiful patch tuesday, a fix might be posted...

            At least on linux, when a vulnerability is found, it gets fixed snappily. With linux, the exploits are usually found BEFORE they get to be exploited.

            Oh and before you get all "i use mac, not windows", I don't care, they're interchangeable to me. Mapplesoft, mipple, just different sides of the same shitty coin.

            Comment


            • #7
              "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."
              ...A Buffer Overflow attack? Really?

              Seriously people: Bounds checking.

              Comment


              • #8

                It is obvious that there is range check missing for user sent data.
                This bug is present because developers
                1. inserted security hole intentionally
                2. are retards

                Comment


                • #9
                  Originally posted by JS987 View Post
                  http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
                  It is obvious that there is range check missing for user sent data.
                  This bug is present because developers
                  1. inserted security hole intentionally
                  2. are retards
                  they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                  ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.

                  Comment


                  • #10
                    Originally posted by Detructor View Post
                    they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                    ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.
                    I was just going to say that C has got to be the worst language imaginable.

                    Comment

                    Working...
                    X