
Linux, Unix, and *nix like Operating Systems Forum

    
Six Year Old Critical Bug In Linux Silently Patched
engine




msg:4189775
 1:56 pm on Aug 20, 2010 (gmt 0)

Six Year Old Critical Bug In Linux Silently Patched [networkworld.com]
The Linux kernel folks "silently" pushed out a patch for a critical privilege escalation bug this week. It was for a hole that could allow an attacker to execute code at the root level from any GUI application. The patch took two months after the flaw was reported on June 17, researchers say. SUSE engineers claim they originally found it, reported it and patched it in SUSE way back in September, 2004, says the security blog The H. But the SUSE patch never made its way into the kernel at that time.

 

wheel




msg:4189811
 2:51 pm on Aug 20, 2010 (gmt 0)

lol. That's funny on a couple of levels.

1) replace the word 'linux' with 'windows'
2) repost the article in a linux forum
3) stand back!

lammert




msg:4189886
 4:40 pm on Aug 20, 2010 (gmt 0)

When Microsoft issues a security patch, potential hackers have to disassemble the binary code and try to find the hole that patch fixed. With Linux it is much easier. You just download the kernel source code versions from just before and after the patch release. A source code comparison will exactly tell you which problem was present in the kernel.

Everyone with basic programming knowledge can do that. We will probably see a massive attack on unpatched Linux systems in the coming period.

Hope_Fowl




msg:4189902
 5:02 pm on Aug 20, 2010 (gmt 0)

lammert - It actually wasn't terribly silent nor hard to spot. Ubuntu this morning offered me "Important security updates", and clicking the Details button showed there were several kernel fixes to stack memory handling. That sounds like the bug which was described.

Of course, with Windows we'd be waiting for a corporation to consider blessing us with a fix because there's no stable option for users to contribute and distribute fixes.

Sylver




msg:4189936
 6:08 pm on Aug 20, 2010 (gmt 0)

Oh, the sweet irony.

frontpage




msg:4189942
 6:18 pm on Aug 20, 2010 (gmt 0)

I just did a YUM UPDATE KERNEL and the latest version was kernel.i686 0:2.6.18-194.11.1.el5

The kernel org says the bug has now been addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel. It is now up to the distro makers to push the fix out to their users.


But over at Kernel.org they say 2.6.35.2 is the latest stable kernel.

I guess we will have to wait for CentOS distro folks to catch up.

creeking




msg:4190030
 9:27 pm on Aug 20, 2010 (gmt 0)

What does this do to the live Linux CDs I have sitting around?

jkovar




msg:4190077
 12:57 am on Aug 21, 2010 (gmt 0)

Wait, people actually use GUI applications on Linux?

Hoople




msg:4190686
 3:33 am on Aug 23, 2010 (gmt 0)

There have been recent MS Windows 7 bugs fixed that were found to exist as far back as Windows 95.

Some IE6 bugs that have been on the books since it was released in 2001 were fixed in 2009 too!

My second point is that hackers are getting better at finding exploits that the programmers hadn't thought of safeguarding against back in the day.

graeme_p




msg:4191860
 9:57 am on Aug 25, 2010 (gmt 0)

@lammert, I doubt that there will be a massive attack because exploiting this requires either a locally installed malicious or compromised GUI app. Someone that far into the system can already do a lot of damage.

cmnetworx




msg:4235540
 6:30 am on Nov 27, 2010 (gmt 0)

I think Microsoft justifies patching bugs years later by calling them "Undocumented Features" until they come up with a fix.
