New Linux Kernel Vulnerability
Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return
value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here."
Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting.
Oops. That HTML posting problem. This was what I was trying to say:
Apparently, only <= 2.6.2 is affected. How could this be fixed in 2.6.3 without anyone noticing that it might be a problem in earlier kernels?
Roses are #FF0000, violets are #0000FF, all my base are belong to you
Another kernel vulnerability was recently found in all FreeBSD (4.X and 5.x) versions.
:
e s/ FreeBSD-SA-04:04.tcp.asc
The TCP/IP stack can be stopped by sending unordered TCP fragments.
This is a serious remote vulnerability, and any FreeBSD with an open TCP port should be patched ASAP.
Here's a link to the official advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisori
Regardless of the operating system you are running, always keep everything up to date.
{{.sig}}
I tried the "Proof-of-Concept" code. Nice thing about it is that it tells you two things. 1) If your kernel is vulnerable 2) If your vulnerability is exploitable.
I have one kernel that is vulnerable but not exploitable according to the Proof-of-Concept code. Saves me some time to not patch, recompile and reboot a new kernel.
I wish future vulnerability announcements will be like this one. e.g. contain Proof-of-Concept exploit code that can tell me whether or not the kernel/software I am running is vulnerable and/or exploitable.
The advisory was released Feb. 18, so this has all been public knowledge for over two weeks. This USENET post shows the vulnerability and upcoming exploit was known about, and slashdot is just plain late on this one.
You have had two weeks to patch your systems. I know slackware's advisory was sent right after the vulnerability became public knowledge.
That's a very naive, idealistic argument. American business often maximizes shareholder value by being as dishonest as possible, short of clearly breaking commonly enforced laws. Under your argument, Darl McBride is a "good guy" because he's a) rich from the SCOX pump-n-dump and b) not in jail (yet).
Anyway, go read "The Art Of War" or watch "The Godfather". It is a serious error to assume your enemy is weak, and I would recommend against that philosophy when securing critical assets.