Slashdot Mirror


New Linux Kernel Vulnerability

Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here." Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting.

15 of 486 comments

  1. GNAA FP by lysol lysol lysol by Anonymous Coward · · Score: -1, Troll
    Hey Niggers!

    GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
    gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

    Are you GAY ?
    Are you a NIGGER ?
    Are you a GAY NIGGER ?

    If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
    Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
    GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

    Why not? It's quick and easy - only 3 simple steps!

    First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE (Click Here to download the ~280MB MPEG off of BitTorrent)

    Second, you need to succeed in posting a GNAA "first post" on slashdot.org, a popular "news for trolls" website

    Third, you need to join the official GNAA irc channel #GNAA on Evolnet (or EFNet), and apply for membership.
    Talk to one of the ops or any of the other members in the channel to sign up today!

    If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is Evolnet (or EFNet), and you can connect to irc.gnaa.us as one of the Evolnet servers. (or irc.EFNet.nl for EFNet)
    If you have mod points and would like to support GNAA, please moderate this post up.

    This post brought to you by Lysol , a proud member of the GNAA.

    CLICK HERE TO SIGN THE PETITION TO BRING BACK GOATSE.CX!

    ________________________________________________
    | ______________________________________._a,____ |
    | _______a_._______a_______aj#0s_____aWY!400.___ |
    | __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ |
    | _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ |
    | _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_ |
    | ________"#,___*@`__-N#____`___-!^_____________ |
    | _________#1__________?________________________ |
    | _________j1___________________________________ |
    | ____a,___jk_ GAY_NIGGER_ASSOCIATION_OF_AMERICA_|
    | ____!4yaa#l___________________________________ |
    | ______-"!^____________________________________ |
    ` _______________________________________________'

  2. *squelch* by SkunkPussy · · Score: -1, Troll

    what was that noise?

    that was the sound of 1 million script kiddies around the world coming in their pants

    --
    SURELY NOT!!!!!
  3. Re:Here we go again by Anonymous Coward · · Score: -1, Troll
    You wrote that on purpose? Har. Right, jackass.

    *_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
    g_______________________________________________g_ _
    o_/_____\_____________\____________/____\_______o_ _
    a|_______|_____________\__________|______|______a_ _
    t|_______`._____________|_________|_______:_____t_ _
    s`________|_____________|________\|_______|_____s_ _
    e_\_______|_/_______/__\\\___--___\\_______:____e_ _
    x__\______\/____--~~__________~--__|_\_____|____x_ _
    *___\______\_-~____________________~-_\____|____*_ _
    g____\______\_________.--------.______\|___|____g_ _
    o______\_____\______//_________(_(__>__\___|____o_ _
    a_______\___.__C____)_________(_(____>__|__/____a_ _
    t_______/\_|___C_____)/_YHBT_\_(_____>__|_/_____t_ _
    s______/_/\|___C_____)__STFU_|__(___>___/__\____s_ _
    e_____|___(____C_____)\_HAND_/__//__/_/_____\___e_ _
    x_____|____\__|_____\\_________//_(__/_______|__x_ _
    *____|_\____\____)___`----___--'_____________|__*_ _
    g____|__\______________\_______/____________/_|_g_ _
    o___|______________/____|_____|__\____________|_o_ _
    a___|_____________|____/_______\__\___________|_a_ _
    t___|__________/_/____|_________|__\___________|t_ _
    s___|_________/_/______\__/\___/____|__________|s_ _
    e__|_________/_/________|____|_______|_________|e_ _
    x__|__________|_________|____|_______|_________|x_ _
    *_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_


    Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.


  4. Re:More critical vulnerability in FreeBSD by Anonymous Coward · · Score: -1, Troll

    Why was the above modded flamebait? It was informative, and said nothing inflammatory. If you want flamebait, let me show you the right way of doing it: YOU FUCKING BSD SNOBS! YOU CAN'T STAND PEOPLE SAYING ANYTHING BAD ABOUT YOUR STUPID LITTLE LEET OS, DO YOU, YOU SHITHEADS!? What? Can't bear the thought of having a security flaw in your "superior" OS?

    I agree, BSD fanatics are a hypersensitive bunch who like to look down on Linux users and praise themselves a lot. Look at the unfair moderation they do.

  5. Re:if you patched two weeks ago, you can ignore th by cperciva · · Score: 0, Troll

    So where _is_ that patch to fix these mremap bugs?

    The patch is here.

  6. Re:More critical vulnerability in FreeBSD by Anonymous Coward · · Score: -1, Troll

    I feel your pain. I work with a couple of BSD snobs (think the comic book store guy in the Simpsons). God, those people are annoying. I don't know if this is a general trait or if it's limited to the few Berkeley Snob Distribution people I've run into, but it seems they all have a deep-rooted inferiority complex and they use their choice of operating system to sate their inner need for dominance. It's rather sad.

  7. HA HA it's about time! by Anonymous Coward · · Score: -1, Troll

    HA HA it's about time fucking linux gets brought down. I hope this is the demise of that fucking piece of shit operating system. Linux SUCKS!!! Long live Windows 2000 Server!

  8. Now, Facts Are Facts by Anonymous Coward · · Score: -1, Troll


    Yet another sickening blow has struck what's left of the *BSD community, as a soon-to-be-released report by the independent Commission for Technology Management (CTM) after a year-long study has concluded: *BSD is already dead. Here are some of the commission's findings:

    Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.

    Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

    Fact: NetBSD, which claims to focus on portability (whatever that is supposed to mean), is slow, and cannot take advantage of multiple CPUs. "That about drove the last nail in the coffin for BSD use here," said Michael Curry, CTO of Amazon.com. "We took our NetBSD boxes out to the backyard and shot them in the head. We're much happier running Linux."

    Fact: There are almost no FreeBSD developers left, and its use, according to Netcraft, is down to a sadly crippled .005% of internet servers. "It's just not reliable," said Christine McGee, VP of Technology for eBay, Inc. "Nor do we find it a very modern OS. I would recommend Linux to anyone contemplating a server OS, or maybe Windows, before I would recommend a BSD."

    Fact: *BSD has no support from the media. Number of Linux magazines available at bookstores: 5 (Linux Journal, Linux World, Linux Developer, Linux Format, Linux User). Number of available *BSD magazines: 0. Current count of Linux-oriented technical books: 1071. Current count of *BSD books: 6.

    Fact: XFree86 is dropping support for *BSD. The remaining core group believes that the *BSDs have strayed too far from Unix standards and have become too difficult to support along with Linux and Solaris x86. "It's too much trouble," said one anonymous developer. "If they want to make their own standards, let them do the porting for us."

    Fact: Many user-level applications will no longer work under *BSD, and no one is working to change this. The GIMP, a Photoshop-like application, has not worked at all under *BSD since version 1.1 (sorry, too much trouble for such a small base, developers have said). OpenOffice, a Microsoft Office clone, has never worked under *BSD and never will. ("Why would we bother?" said developer Steven Andrews, an OpenOffice team lead.)

    Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

    With these incontrovertible facts staring (what's left of) the *BSD community in the face, they can only draw one conclusion: *BSD is already dead.

  9. BSD Is Far More Insecure by Anonymous Coward · · Score: -1, Troll


    Yet another sickening blow has struck what's left of the *BSD community, as a soon-to-be-released report by the independent Commission for Technology Management (CTM) after a year-long study has concluded: *BSD is already dead. Here are some of the commission's findings:

    Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

    Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

    Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.

  10. Re:Install windows! by Anonymous Coward · · Score: -1, Troll

    Whether you like it or not, windows is more secure than linux. Here's a penis so that you have a legitimate reason to mod me down:

    . ____
    .// ..7
    .(_,_/\
    . \ .. \
    . .\ .. \
    . __\ .. \__
    . (,,, \ ,,,)
    . \_____\__/

  11. New *BSD Vulnerability: Dying by Anonymous Coward · · Score: -1, Troll


    Yet another sickening blow has struck what's left of the *BSD community, as a soon-to-be-released report by the independent Commission for Technology Management (CTM) after a year-long study has concluded: *BSD is already dead. Here are some of the commission's findings:

    Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.

    Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

    Fact: There are almost no FreeBSD developers left, and its use, according to Netcraft, is down to a sadly crippled .005% of internet servers. A recent attempt at a face-to-face summit in Boulder, Colorado culminated in an out-and-out fistfight between core developers. Hotel security guards broke up the melee and banned the participants from the hotel. Two of the developers were hospitalized.

    Fact: NetBSD, which claims to focus on portability (whatever that is supposed to mean), is slow, and cannot take advantage of multiple CPUs. "That about drove the last nail in the coffin for BSD use here," said Michael Curry, CTO of Amazon.com. "We took our NetBSD boxes out to the backyard and shot them in the head. We're much happier running Linux."

    Fact: *BSD has no support from the media. Number of Linux magazines available at bookstores: 5 (Linux Journal, Linux World, Linux Developer, Linux Format, Linux User). Number of available *BSD magazines: 0. Current count of Linux-oriented technical books: 1071. Current count of *BSD books: 6.

    Fact: XFree86 is dropping support for *BSD. The remaining core group believes that the *BSDs have strayed too far from Unix standards and have become too difficult to support along with Linux and Solaris x86. "It's too much trouble," said one anonymous developer. "If they want to make their own standards, let them do the porting for us."

    Fact: Many user-level applications will no longer work under *BSD, and no one is working to change this. The GIMP, a Photoshop-like application, has not worked at all under *BSD since version 1.1 (sorry, too much trouble for such a small base, developers have said). OpenOffice, a Microsoft Office clone, has never worked under *BSD and never will. ("Why would we bother?" said developer Steven Andrews, an OpenOffice team lead.)

    Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

    With these incontrovertible facts staring (what's left of) the *BSD community in the face, they can only draw one conclusion: *BSD is already dead.

    1. Re:New *BSD Vulnerability: Dying by Anonymous Coward · · Score: -1, Troll

      Reference your "facts" or be ridiculed.

  12. OpenBSD still looks good by Bloodax · · Score: 0, Troll

    This latest Linux root exploit bolsters my confidence even more in OBSD. I know they recently had a remote crash exploit, but the claim of no remote root exploit since '97? is a very good track record indeed.

    OBSD takes the time to validate their code. While OBSD or any OS will never be perfect, the OBSD method of engineering is still tops in my book.

  13. geez. i can out-code all you fags... by Anonymous Coward · · Score: -1, Troll

    maintainers of said problem code need to be fired.

  14. Re:Many eyes, but wide open or tight shut ? by PishiGorbeh · · Score: 0, Troll

    I've cracked my own box with it many times...