A new security hole has been found in Linux. All it takes is a C program and shell access (to upload and run the program). Not only did this young program find the bug, but he has also released patches to fix this bug for kernels 2.4 & 2.6.
A Linux bug was recently uncovered by a young Norwegian programmer that, when exploited by a simple C program, could crash most Linux 2.4 or 2.6 distributions running on an x86 architecture. "Using this exploit to crash Linux systems requires the (ab)user to have shell access or other means of uploading and running the program—like cgi-bin and FTP access," reports the discoverer, Øyvind Sæther.
"The program works on any normal user account, and root access is not required," Sæther reported. "This exploit has been reported used to take down several 'lame free-shell providers' servers. [Running code you know will damage a system intentionally and hacking in general] is illegal in most parts of the world and strongly discouraged." Along with the code needed to use the exploit, Sæther also posted several patches to 2.4 and 2.6 kernels that will keep the exploit from crashing systems.
News source: eWeek
A Linux bug was recently uncovered by a young Norwegian programmer that, when exploited by a simple C program, could crash most Linux 2.4 or 2.6 distributions running on an x86 architecture. "Using this exploit to crash Linux systems requires the (ab)user to have shell access or other means of uploading and running the program—like cgi-bin and FTP access," reports the discoverer, Øyvind Sæther.
"The program works on any normal user account, and root access is not required," Sæther reported. "This exploit has been reported used to take down several 'lame free-shell providers' servers. [Running code you know will damage a system intentionally and hacking in general] is illegal in most parts of the world and strongly discouraged." Along with the code needed to use the exploit, Sæther also posted several patches to 2.4 and 2.6 kernels that will keep the exploit from crashing systems.
News source: eWeek
Additional note; the store only accepts Mastercard, Visa, Solo and Switch. A strange move to ignore the ever popular electron card, a card mainly used by the music listening youth that Apple would be more than wise to tap into. The store also requires a credit card (or one of the above) to register an account for the service.
It's neat that he released the patch along with the exploit.
GJ
The posted exploit is different, becase it only required an account on the computer and not physical access to it. As is the case with about 90% of all web hosting packages.
As for the patch being released with the exploit, releasing a patch or workaround for the exploit is standard reporting procedure industy wide. Fixing the vulns is the easy part, finding them is by far the more difficult of the two.
OMFGGG LINUXSSS IS TEH 5H17!!@#!#!#! MS WINDOW RULZZE!@#!
That's right I am back.
For the most part, Neowinners are a reasonable group.
</td></tr></table></td></tr></table></center><!--NeoquoteEnd-->
Haha, good one.
I tried it and it did crash my Gentoo-Dev-Sources-2.6.5-r1 based kernel.
Yes. I complain about Windows. Why? Because if I pay for the Operating System I expect it to work. If I use a free one I use it at my own risk. That's why. If Windows fails and I paid for it I have the right to complain.
(Not trying to bash or anything)
#1.1 - I agree. If you pay for something you expect to get a working product. If it's something you get for free you are already taking a risk and if it has problems theres always the "oh well, at least i didn't pay huge licensing fees for it".
lool
Big deal
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.