A new security hole has been found in Linux. All it takes is a C program and shell access (to upload and run the program). Not only did this young program find the bug, but he has also released patches to fix this bug for kernels 2.4 & 2.6.
A Linux bug was recently uncovered by a young Norwegian programmer that, when exploited by a simple C program, could crash most Linux 2.4 or 2.6 distributions running on an x86 architecture. "Using this exploit to crash Linux systems requires the (ab)user to have shell access or other means of uploading and running the program—like cgi-bin and FTP access," reports the discoverer, Øyvind Sæther.
"The program works on any normal user account, and root access is not required," Sæther reported. "This exploit has been reported used to take down several 'lame free-shell providers' servers. [Running code you know will damage a system intentionally and hacking in general] is illegal in most parts of the world and strongly discouraged." Along with the code needed to use the exploit, Sæther also posted several patches to 2.4 and 2.6 kernels that will keep the exploit from crashing systems.
News source: eWeek
-1 Comments - Add comment