Slashdot Mirror


Linux Kernel Bugs

Armin Herbert writes: "According to this mail from Rafal Wojtczuk and a German article on Heise Online, there's a new severe bug in all Linux Kernels, from 2.2.0 up to 2.4.10, which allows users to become root on your system. Kernel 2.4.12 fixes this problem, and RedHat, Caldera and other distributors already supply patches for their Kernels. See Bugtraq for more information." Important notes for anyone running a multi-user system. Update: 10/19 16:12 GMT by J: If I'm reading Nergal's writeup correctly, 2.4.10 is still vulnerable to the local DoS, but not to the local root exploit. Separate issues. And as pheared points out, there is one unverified report of a custom 2.4.12 being vulnerable as well; please try the exploit on your system and let us know what you find. This is a big one; you can expect the kiddies have already added this to their rootkits. Update your systems now!

4 of 307 comments

  1. Huh? by SilentChris · Score: 0, Flamebait
    Where's the laughing? The stupidity of having root wide open? The glee?

    Oh yeah, it's Linux.

  2. Why this is(n't) funny by TheMMaster · Score: 3, Flamebait

    To all the people that feel really good about this because they are sick of Microsoft being attacked about this: Good for you, you deserve it, enjoy because it won't happen again this year ;-)

    Now to all the Linux zealots here: To make sure that this doesn't become a problem we NEED to patch EVERY machine we can find and tell EVERYONE that has a Linux box to patch it. Why? Because NOW it's funny, there isn't a worm out with a remote exploit of GPM that triggers an error Identd to give away your "Games" password so you can log on and become root ;-)

    But we must make sure that this disappears ASAP or else this sure as hell won't be funny anymore. PLEASE make sure that we won't get StarOffice macro viruses, sircam 4 linux etc... THAT we will be the laughing stock of the entire software world... I'll bet that Microsoft competition management (r) is already producing FUD on this....

    --
    Fighting for peace is like fucking for virginity
  3. How it works by shanek · Score: 1, Flamebait

    So, let's see, when someone points out a flaw in a Microsoft product, Microsoft ignores it, until it gets out to the public, then Microsoft issues a patch (which may or may not fix the actual problem). It gets exploited (usually in the form of viruses and worms that spread like wildfire), and then Microsoft whines about "information anarchy."

    When a flaw in Linux is discovered, they just fix the damn kernel and say, "oops."

    Of the two, I know which one I like better.

  4. Re:Linux to hackers: Don't publish code by Laplace · Score: 1, Flamebait
    Dear Jasonzzzzz,

    I would use sarcasm to ridicule your suggestion, but I fear that the point would be lost on you.

    One of the joys of humor can be subtlety. Pull your whiny head out of your ass and read some more. You might learn to laugh without being prompted by a laugh track.

    --
    The middle mind speaks!