Slashdot Mirror
Technical Review for Red Hat Linux 9
ewilts writes "Dax Kelson from Guru Labs has posted a technical review for Red Hat Linux 9. It's a definite read if you want to get away from the marketing fluff that focuses on eye-candy and instead read about the release from a sysadmin's point-of-view."
Date: Tue, 1 Apr 2003 2:11 PM
To: "Customer Awareness Forum" bugtraq@securityfocus.com
Subject: serious vulnerability present. all doomed. over.
S.E.L.L. -- ADVISORY NUMBER 4F4E45 --
"We totally deny the allegations, and we're trying to identify the allegators."
S.E.L.L disclosure timeline:
01/05/99: vulnerability identified and tested by S.E.L.L.
01/06/99: S.E.L.L. customers notified
01/06/99: oh, and I told my wife, she said it's silly
05/15/99: we got our tester out on bail
12/20/02: still don't get any respect from wife
03/30/03: vendors notified
04/01/03: public disclosure
Synopsis and impact:
A distributed denial of service condition is present in the election system in many polypartisan democratic countries. A group of determined but unskilled and not equipped low-income individuals, usually between 0.05% and 2% of overall population of the country, can cause serious disruptions or even a complete downfall of the democratic system and its institutions, and wreak havoc and destruction without using any force.
This is considerably less than the majority of voters required in more conventional attacks, at least in this social group.
The attack is generally difficult to prevent once occurs, since it is not possible to make immediate changes to election ordinances, especially once the process have started. Changes are often required to be passed at least one year before taking any effect. As such, patching the bug might take a considerable amount of time, perhaps also sufficient for the country to fall into chaos and oblivion, and for things of unspeakable horror to happen to all people like you and me.
Our company supports and takes pride in responsible and accurate vulnerability reporting.
Not vulnerable:
Attack details:
The attack relies on the fact that numerous election ordinances require a certain number of voter signatures to be collected in order for a candidate or a party to enter elections and be placed on a national election list.
This approach is generally non-discriminatory, and it is impossible to deny the right to be included on such a list for an otherwise eligible individual who collected a given number of verifiable signatures. Most countries do not implement a regulation that requires all votes on all lists to be unique - so a single person can change his or her mind and support two candidates. This is because of the difficulty of cross-verification - most election procedures must still rely on manual checking - and the possibility of malicious action of a hostile voter, of course.
Depending on the election level - local, parliament or presidential - a different number of signatures has to be collected. The number is usually everywhere from 0.05% to 2% of the total population - typical figures are 1000-10000 (common for parliament), or 100000-1000000 (presidential) for a medium to large country of 10-50 million citizens.
In our example, we use parliament elections where the minimum is set at 10000. In order for the attack to be successful, the attacker would have to find that many co-conspirators - usually not impossible, since many voters are dissatisfied with the system or life in general, or can be bribed or tricked into signing a list. A careful attacker might choose a larger number of co-conspirators to decrease the chances of the attack being detected in routine signature validation phase. This could lead to all conspirators being charged on the grounds of conspiracy to overthrow the government - although charging all 10001+ conspirators might be an
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare