Slashdot Mirror


New Linux Kernel Vulnerability

Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here." Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting.

31 of 486 comments

  1. Install windows! by Compunerd · · Score: 4, Funny

    Get windows CD
    Boot
    Install

    bah

    --
    Computers are like air conditioners.
    - They stop working when you open Windows.
    1. Re:Install windows! by arose · · Score: 3, Funny

      Reboot in 60 seconds...
      Reboot in 60 seconds...
      Reboot in 60 seconds... ...

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
  2. I'm guessing that we can expect a patch from SCO? by rivaldufus · · Score: 4, Funny

    After all, if they can expect people to license Linux from them, they should be providing support.

  3. Does this mean... by mcx101 · · Score: 3, Funny

    ...I'm going to have to patch the kernels on the Debian servers and reboot again?

    That'll be the third time in as many months.

    --
    My operat~1 system unders~1 long filena~1 , does yours?
    1. Re:Does this mean... by Akoma The Immortal · · Score: 2, Funny

      Ignorance is a bliss!!

      How can I break my own uptime record of 253 days between reboot when you patch all the useless local exploits!?!?! Stop it!!

      14:37:24 up 42 days, 14:38, 1 user, load average: 1.50, 0.48, 0.16

      And coming down because of you!!

      Geeee, those FOSS guys are terrible.

      --
      assert(expired(knowldege)); core dump
  4. Well, as they say... by Anonymous Coward · · Score: 2, Funny

    In Linux it's a bug...

    In Windows it's a feature.

  5. Can someone quickly fix this ? by Anonymous Coward · · Score: 5, Funny

    So we can get back to bitching about Windows' security flaws :D

  6. "Windows users: want Security, install linux"??? by Padrino121 · · Score: 5, Funny

    Slowly but surely as Linux is getting more mainstream it seems the same kind of holes that perpetually plague Windows exist in Linux as well.

    It might be time to take a page from the MS book and take a few weeks for a full line by line audit.

  7. Somewhere . . . by Prince Vegeta SSJ4 · · Score: 5, Funny
    A Giddy Billionaire is scheming:

    Kernel 2.6.4-rc2-bk3: Never, I'll Never turn to the Dark side, I'm open source...like my father before me.

    Bill: So be it, open source

    Bill: if you will not be turned, you will be destroyed (shooting purple lightning bolts)

    Bill: You will pay the price for your lack of vision

    Kernel 2.6.4-rc2-bk3: Linus please (in agony).

    .....to be continued

    I await my -5 (Troll)

  8. Re:A lot of problems in mremap... by Anonymous Coward · · Score: 4, Funny

    Maybe it was Linus, and we should stop accepting his contributions :-)

  9. Layman's terms? by oldosadmin · · Score: 2, Funny

    Could someone please say what this vulnerability is in English? That article made my head hurt.

    --
    Jay | http://oldos.org
    1. Re:Layman's terms? by WWWWolf · · Score: 5, Funny

      Sure. A program can ask the operating system kernel to Do Things. Now, someone has found out that when you ask the kernel to Do Things a certain way, the kernel subsequently thinks you are the Boss.

      Like, you have this stack of forms you want the computer to sign. You hand them over to the computer. One of the papers is a "Do whatever I say" form that would give you the Power. The computer won't read it and just signs it along with the others, then hands you the forms back.

      How's that for an explanation?

  10. Re:Damn by Anonymous Coward · · Score: 5, Funny

    Don't bother. There's no published exploit. Have a beer. Watch the game. Don't worry. Relax. What's your IP?

  11. Re:Damn by Tremanhil · · Score: 2, Funny

    So turn off your PC, pop a bag of Kettle Corn or Pop Secret into the microwave and spend part of your Sunday popping kernels... and the rest watching movies.

    And patch your kernel another day.

  12. Re:A lot of problems in mremap... by Hello this is Linus · · Score: 2, Funny

    quiet you. >:(

    --
    Hello, this is Linus Torvalds, and I pronounce Linux as Linux!
  13. The mremap coder did so well by Anonymous Coward · · Score: 0, Funny

    He's flying to Redmond to join team Longhorn. Efforts in open source can get you a paying job!

  14. Re:A lot of problems in mremap... by Otter · · Score: 4, Funny
    These all sound like barebones, common mistakes. Who is contributing this source? Was it all the same person? Maybe we should be checking his/her code a bit more closely!

    19 minutes later, and no one has blamed SCO yet? What's wrong with you people today?

  15. Re:Install windows! more like by frause · · Score: 5, Funny

    Get a windows CD
    Boot
    Reboot
    Install
    Reboot
    Install some more
    Reboot
    Continue installation
    Reboot
    Register windows installation
    Change a setting
    Reboot

    bah

  16. Re:Important to Remember by Anonymous Coward · · Score: 5, Funny

    TO DO:

    Log onto slashdot.
    Bash Microsoft.
    Bash the bashers of Microsoft.
    Bash the bashers of the bashers of Microsoft.
    ... ad infinitum

  17. Re:Which kernels are effected by Anonymous Coward · · Score: 1, Funny
    Yeah, I just used my time dilator to install kernel 2.8.14, but then I checked and they've found yet another exploit that dates all the way back to version 2.0! So I set the time machine even further out and you're not going to believe this but--

    +++no carrier

  18. Re:Many eyes, but wide open or tight shut ? by wojci · · Score: 2, Funny
    --
    /wojci
  19. Re:Important to Remember by FattMattP · · Score: 5, Funny
    When a Windows vulnerability is patched, it is proof that closed source software is evil.
    You misspelled if.
    --
    Prevent email address forgery. Publish SPF records for y
  20. Re:Which kernels are effected by Jeremy Erwin · · Score: 3, Funny

    RTFA!

    Version: 2.2 up to and including 2.2.25, 2.4 up to and including 2.4.24, 2.6 up to and including 2.6.2.


    No, these kernels are affected. My guess is that kernels 2.2.26, 2.4.25, and 2.6.3 will be effected. The effect of a vulnerability is usually a bugfix release, as an unpatched kernel negatively affects security.

  21. Re:Can't agree more by Traa · · Score: 2, Funny

    I predict the "Decamillenium bug"! Think of all those boxes that are still running 8000 years from now switching from 9999-12-31 to 10000-01-01, there goes the lexically sorted database.

    (j/k)

  22. My god when will Microsoft learn? by Pvt_Waldo · · Score: 1, Funny

    When are they ever going to get their act together and stop releasing such a buggy OS with these security violations!

    Oh.... wait....

  23. Re:Date format by Nicolas Pillot · · Score: 2, Funny

    I have a dream : everyone starts working on the 13th of every month. There would be no date conflict, and furthermore, you would have much more holidays :-)

  24. Re:Typical user experience. by Endive4Ever · · Score: 2, Funny

    That isn't his job. His job is to sit on his hands and watch them struggle, then come here and slag Microsoft for fun.

    --
    ---
  25. Re:eyes wide stupid? by Anonymous Coward · · Score: 5, Funny

    simply disable all local user accounts.

    I really don't understand what all the fuss is about.

  26. Re:Many eyes, but wide open or tight shut ? by Ironica · · Score: 4, Funny

    This guy deserves an insightful mod. (emphasis added)

    *ahem*

    [displays 46th chromosome, which is clearly an X]

    --
    Don't you wish your girlfriend was a geek like me?
  27. Re:Many eyes, but wide open or tight shut ? by CyberDruid · · Score: 3, Funny
    [displays 46th chromosome, which is clearly an X]

    Young lady, on this site we do not expose ourselves in public. The dress code clearly states that skirts must go _below_ the 46:th chromosome.

    --

    Opinions stated are mine and do not reflect those of the Illuminati

  28. change of language ? by rkoot · · Score: 2, Funny
    Wouldn't it be a good idea to rewrite the kernel in a different language, say, Ada95?
    I believe that these exploits couldn't be in the kernel *if* it was written in Ada95.

    r.