Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

  • Filter
  • Time
  • Show
Clear All
new posts
  • phoronix
    • Jan 2007
    • 67353

    Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Phoronix: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
  • Cthulhux
    Senior Member
    • Oct 2012
    • 272

    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.


    • dee.
      Senior Member
      • Jan 2013
      • 1477

      Glad I'm still on 3.2.


      • TheBlackCat
        Senior Member
        • Feb 2011
        • 1920

        Originally posted by Cthulhux View Post
        Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
        You don't think these sorts of things happen all the time on closed-source operating systems? The fact that local privilege escalation and DOS attacks are even news on Linux systems when most of the big concerns on windows are remote security exploits shows just how much more secure Linux is.


        • leonmaxx
          Senior Member
          • Feb 2013
          • 176

          I hope that this bug will be fixed asap.


          • dee.
            Senior Member
            • Jan 2013
            • 1477

            Originally posted by Cthulhux View Post
            Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
            Oh go away windows troll. On windows, this would have been hidden for 6 months (or longer) until some worm or trojan would exploit it and build a botnet, then microsoft would have conspired with FBI to arrest foreign citizens and confiscate their property just to get one botnet shut down, whose existence was their fault anyway, and then maybe in a couple of weeks, one beautiful patch tuesday, a fix might be posted...

            At least on linux, when a vulnerability is found, it gets fixed snappily. With linux, the exploits are usually found BEFORE they get to be exploited.

            Oh and before you get all "i use mac, not windows", I don't care, they're interchangeable to me. Mapplesoft, mipple, just different sides of the same shitty coin.


            • gamerk2
              Senior Member
              • Jun 2012
              • 606

              "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."
              ...A Buffer Overflow attack? Really?

              Seriously people: Bounds checking.


              • JS987
                Senior Member
                • Sep 2012
                • 445


                It is obvious that there is range check missing for user sent data.
                This bug is present because developers
                1. inserted security hole intentionally
                2. are retards


                • Detructor
                  Senior Member
                  • Sep 2008
                  • 309

                  Originally posted by JS987 View Post
                  It is obvious that there is range check missing for user sent data.
                  This bug is present because developers
                  1. inserted security hole intentionally
                  2. are retards
                  they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                  ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.


                  • johnc
                    Official Fanboy
                    • May 2011
                    • 2276

                    Originally posted by Detructor View Post
                    they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

                    ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.
                    I was just going to say that C has got to be the worst language imaginable.

