Slashdot Mirror


Linux Kernel Bugs

Armin Herbert writes: "According to this mail from Rafal Wojtczuk and a German article on Heise Online, there's a new severe bug in all Linux kernels, from 2.2.0 up to 2.4.10, which allows users to become root on your system. Kernel 2.4.12 fixes this problem, and RedHat, Caldera and other distributors already supply patches for their kernels. See Bugtraq for more information." Important notes for anyone running a multi-user system. Update: 10/19 16:12 GMT by J: If I'm reading Nergal's writeup correctly, 2.4.10 is still vulnerable to the local DoS, but not to the local root exploit. Separate issues. And as pheared points out, there is one unverified report of a custom 2.4.12 being vulnerable as well; please try the exploit on your system and let us know what you find. This is a big one; you can expect the kiddies have already added this to their rootkits. Update your systems now!

7 of 307 comments

  1. This is so typical by Caine · · Score: 3, Funny

    This happens all the time? When will people realize that Linux is inferior and unsecure? Everyone knows that open-source peer-review is a lousy tool for security-audits. No, why doesn't everyone run Microsoft products? They're completely secure and don't have any problems at all. Because that's the power of closed source.

    Hope the irony isn't lost on you...

  2. Thank goodness.. by Anonymous Coward · · Score: 2, Funny

    And here I am trying to remember my password for root..

  3. Re:Where's the Gartner Group? by hAkron · · Score: 2, Funny

    I am working on a project to port IIS over to this affected kernel.

  4. Re:local DoS is no big deal, is it? by szo · · Score: 3, Funny

    If you have stupid and malicious users, ulimit is your friend. And process accounting. And a baseball bat.

    Szo

    --
    Red Leader Standing By!

  5. Linux to hackers: Don't publish code by Mr. Sketch · · Score: 2, Funny

    In a recent article on CNet:

    This week, Linus Torvalds, manager for Linux's security response center, published an essay on the company's site decrying the information and example code released by some companies and independent security consultants as "information anarchy."

    "It's high time the security community stopped providing the blueprints for building these weapons," Linus wrote in the essay. "And it's high time that computer users insisted that the security community live up to its obligation to protect them."

    "The state of affairs today allows even relative novices to build highly destructive (malicious software)," he wrote in the essay. "It's simply indefensible for the security community to continue arming cyber criminals. We can at least raise the bar."

    "(We) don't purport to have the answer to the problem," he said in a Wednesday interview. "But we believe that these practices are harmful."

  6. Re:local DoS is no big deal, is it? by ENOENT · · Score: 3, Funny

    And a baseball bat.


    Shh! Not so loud! My boss still thinks that a LART is a sophisticated piece of network analysis hardware. I never told him that the bills we get for replacing broken LARTs come from the Louisville Slugger Company.

    --
    That's "Mr. Soulless Automaton" to you, Bub.

  7. What a piece of shit! by Wonko42 · · Score: 2, Funny

    What a shitty OS this is! They release an OS full of holes and then patch them all up afterward, and they expect us to see this as secure? Ha! Just goes to show why nobody in their right mind would ever use a shitty OS like Windo...er, Linux...

    (sarcasm, you fool)