
'Critical' Linux kernel bugs discovered

Daniel Fleshbourne   via InfoWorld on 15 February 2008 - 11:00 · 15 comments & 12359 views

Security researchers have uncovered "critical" security flaws in a version of the Linux kernel used by a large number of popular distributions. The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.

They could be exploited by malicious, local users to cause denial of service attacks, disclose potentially sensitive information, or gain "root" privileges, according to security experts. The bugs affect all versions of the Linux kernel up to version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian and others are affected. The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia.


Comments
(1 reply) #1 +chaosblade on 15 Feb 2008 - 11:54
With no explanation nor links, even a Windows user like me would be bound to ask what does "critical" mean. It doesn't seem to be so harsh, as we are talking about local users being able to take advantage of the flaw.

EDIT: I seem to have missed the new feature of Neowin with the 'Via SITELINKHERE' stuff.
#1.1 GreyWolfSC on 15 Feb 2008 - 14:36
(chaosblade said @ #1)
With no explanation nor links, even a Windows user like me would be bound to ask what does "critical" mean. It doesn't seem to be so harsh, as we are talking about local users being able to take advantage of the flaw.

EDIT: I seem to have missed the new feature of Neowin with the 'Via SITELINKHERE' stuff.


Yeah, that's a terrible place to put the source links.
(2 replies) #2 dev on 15 Feb 2008 - 15:30
i hate articles like this,
in a version of the Linux kernel used by a large number of popular distributions


wtf does that mean? Distros like Fedora/Ubuntu use non-vanilla kernels and, seeing as they are the most popular ones, does that mean the vanilla kernel isn't affected? Is it just the vanilla kernel that is?
#2.1 vetmarkjensen on 15 Feb 2008 - 15:50
Here is the Secunia summary: http://secunia.com/advisories/28835/

And here is a brief interview with the credited discoverer: http://searchsecurity.techtarget.com/news/...299605,00.html#

Seems to be all kernels from 2.6.17 up to (but not including) 2.6.23.16 or 2.6.24.2 are affected.

Chances are, if you update, you are patched.
#2.2 XerXis on 16 Feb 2008 - 09:53
(markjensen said @ #2.1)
Here is the Secunia summary: http://secunia.com/advisories/28835/

And here is a brief interview with the credited discoverer: http://searchsecurity.techtarget.com/news/...299605,00.html#

Seems to be all kernels from 2.6.17 up to (but not including) 2.6.23.16 or 2.6.24.2 are affected.

Chances are, if you update, you are patched.


just updated my ubuntu server:

tom@server1:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
linux-image-2.6.22-14-server linux-libc-dev
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.3MB of archives.

i guess i'm still vulnerable
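
The version range quoted in comment #2.1, turned into a check on `uname -r` style release strings (an added example, not part of the original article or comments). The function names and result labels are assumptions made for this example; a release string with a distribution suffix, like the one in comment #2.2's package name, is flagged for a vendor-advisory check rather than declared vulnerable, because distributions commonly backport fixes without changing the upstream version number.

```python
import re

# Affected range as quoted in comment #2.1 on this page: 2.6.17 up to,
# but not including, 2.6.23.16 (2.6.23 series) or 2.6.24.2 (2.6.24 series).
FIRST_AFFECTED = (2, 6, 17, 0)
FIRST_FIXED = {(2, 6, 23): 16, (2, 6, 24): 2}

_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` style string into (version tuple, vendor suffix)."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, stable, suffix = m.groups()
    return (int(major), int(minor), int(patch), int(stable or 0)), suffix


def in_quoted_range(version):
    """True if the upstream version number falls inside the quoted range."""
    if version < FIRST_AFFECTED:
        return False
    series = version[:3]
    if series in FIRST_FIXED:
        return version[3] < FIRST_FIXED[series]
    return series < (2, 6, 23)  # 2.6.17 to 2.6.22: no fixed release quoted


def classify(release):
    """Return 'not-in-range', 'in-range' or 'in-range-check-vendor'."""
    version, suffix = parse_release(release)
    if not in_quoted_range(version):
        return "not-in-range"
    # Distribution kernels keep the upstream number and add their own suffix;
    # fixes are often backported, so the number alone cannot confirm exposure.
    return "in-range-check-vendor" if suffix else "in-range"


if __name__ == "__main__":
    # "2.6.22-14-server" comes from the package name in comment #2.2;
    # the other release strings are constructed for illustration.
    for rel in ["2.6.16.60", "2.6.22-14-server", "2.6.23.15",
                "2.6.23.16", "2.6.24.1", "2.6.24.2"]:
        print(f"{rel:<18} {classify(rel)}")
```
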
#3 z0phi3l on 15 Feb 2008 - 16:40
I was going to say, as long as you keep your system updated you are fine.

Hell I didn't even hear of the flaw till after Arch Linux patched in the new kernel
#5 cork1958 on 16 Feb 2008 - 04:44
Yeah,
Cripe, my Zenwalk 5.0 and Blag70000 were both patched before this alert was published! I've been beyond this kernel, 2.6.24.1, for a while now.
#6 -Vendetta- on 16 Feb 2008 - 12:17
HAHA, local user...
(4 replies) #7 RealFduch on 16 Feb 2008 - 21:08
As Linux/Mac users say, Secunia is a Microsoft controlled firm.
Don't believe this news. Getting root in Linux?? That's just plain ridiculous. Linux is so much more secure than any other OS. There is no need of being afraid or updating your kernel. The article is just another FUD from Ballmer.

P.S. Ubuntu is the best! I switched from Win95 two days ago and I'm so happy.
#7.1 vetmarkjensen on 16 Feb 2008 - 23:58
I have never claimed Secunia was Microsoft-controlled or influenced. I don't think I have ever heard anyone else say so, either.

Yes, Linux can get rooted. Linux has good mechanisms in-place to have a secure system, but a poor admin can screw all that up in a heartbeat - you better believe it!

This article is not FUD. It is real, but only locally exploitable (you have a malicious user with an account already).

Finally, glad you like Linux. It is worlds better than Win95. And I like it better than XP or what I have seen of Vista on my kid's PC, but that starts getting into personal preferences, and is more subjective than objective.
#7.2 RAID 0 on 17 Feb 2008 - 07:04
Win 95.. two days ago?? MY GOD MAN. I bet you like Ubuntu.
#7.3 whocares78 on 17 Feb 2008 - 09:23
I actually always thought Secunia was fairly unbiased.
But in all seriousness I think you have to be joking. I doubt anybody could be that dumb to make any of those statements; if not then I am shocked. I just can't believe you haven't upgraded from 95 till now, it is like 13 years old. I upgraded from 95 about 10 years ago!!!! I think you would have been just as happy if you upgraded to Windows 98!!! MS stopped supporting 95 YEARS ago, but I still think you must be joking, you have to be!!!

#7.4 RealFduch on 17 Feb 2008 - 17:27
(whocares78 said @ #7.3)
I actually always thought Secunia was fairly unbiased.
But in all seriousness I think you have to be joking. I doubt anybody could be that dumb to make any of those statements; if not then I am shocked. I just can't believe you haven't upgraded from 95 till now, it is like 13 years old. I upgraded from 95 about 10 years ago!!!! I think you would have been just as happy if you upgraded to Windows 98!!! MS stopped supporting 95 YEARS ago, but I still think you must be joking, you have to be!!!

Yes, I am joking.
But I just repeat the words of Neowin/Digg users.
When anyone tries to compare vulnerabilities using Secunia, many people start saying that's biased and blame Microsoft.
People are counting the days some flaw in Windows is unpatched, but they don't mind when it's a hole in Linux.
People upgrade from typewriter to Mac OS X and tell stories how Mac OS X is the best thing in the world.
Ubuntu users that "installed it 2 days ago and it works nearly perfect".

That's sad.
#8 eck0 on 17 Feb 2008 - 19:48
Uh... very old news? I believe there is already a hot fix - and also a new kernel available? :/
