
New Linux Kernel Vulnerability

CmdrTaco posted more than 10 years ago | from the well-thats-just-not-pleasant dept.

Bug 486

Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here." Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting.


486 comments



Many eyes, but wide open or tight shut ? (5, Insightful)

Space cowboy (13680) | more than 10 years ago | (#8490972)

I'm not sure whether this is a triumph of the distributed nature of the kernel, or a catastrophic failure of the whole model... The mremap() code was presumably looked at in great depth just recently, after a critical vulnerability was found. A few weeks go by and another hugely important hole is found...


Since no special privileges are required to use the mremap(2) system call any
process may use its unexpected behavior to disrupt the kernel memory management
subsystem.

Proper exploitation of this vulnerability leads to local privilege escalation
giving an attacker full super-user privileges. The vulnerability may also lead
to a denial-of-service attack on the available system memory.


Now I know the consequences of a problem bear little relation to its root cause, but I am a little surprised at how this managed to find its way through all these eyes looking at the offending code a week or so ago. Actually making it work as a security hole looks to be reasonably complex, (which may be why it wasn't found, I guess), but if one piece of code can have 2 major vulnerabilities in as many weeks, maybe it's time to start worrying about when Linux *does* take over the desktop...

I thought the automated 'Stanford Checker' (sp ?) was ideal for this sort of problem ? (Where the returned value from a function is ignored...) Perhaps it was flagged up but took some in-depth analysis for the kernel developers to realise it really was a problem...

So, is this a master-stroke of the development model, with various people around the world all individually checking code and Hey! Someone found something, or is it a "failure" where all those people missed it the first time around, and it's a pure fluke it was found now.... I'm still not sure, but I'll give the benefit of the doubt to the model - hey, it's been fixed! :-)

Simon

Re:Many eyes, but wide open or tight shut ? (5, Insightful)

whig (6869) | more than 10 years ago | (#8491005)

I'd be more inclined to call this a demonstration of the successful "many-eyes" approach. The latest mremap() vulnerability took only a few weeks to be discovered, and the folks publishing it are "eyes" that have alerted kernel developers to the problem.

Re:Many eyes, but wide open or tight shut ? (4, Insightful)

H4x0r Jim Duggan (757476) | more than 10 years ago | (#8491142)

Yeh, but if you read the security report, this problem exists in *all* 2.2, 2.4, and 2.6 Linux's - so this local exploit has been sitting there for ~5 years before The Good Guys spotted it.

That's a long time. Maybe some crackers have been using this exploit during that time (or, of course, maybe they haven't).

Re:Many eyes, but wide open or tight shut ? (5, Insightful)

Liselle (684663) | more than 10 years ago | (#8491067)

In my humble opinion, it's an unavoidable part of making software. We have to be realistic: closed or open source, as a program gets more and more complex, more elaborate bugs come out, and some of them turn out to be exploitable. Having strict coding guidelines can help, having lots of eyes looking at the code helps, but ninja vulnerabilities will still stealth through.

My thinking is that Linux on the desktop is going to need a contingency plan for a widespread vulnerability, similar to what Microsoft does with Automatic Updates. I know it's not perfect, but I'll be damned if I can think of anything better. It's nice to think you can make a bullet-proof kernel, but also naive.

Re:Many eyes, but wide open or tight shut ? (1)

wojci (248806) | more than 10 years ago | (#8491192)

Having strict coding guidelines can help, having lots of eyes looking at the code helps, but ninja vulnerabilities will still stealth through.

I am sure that many people developing and using The Linux Test Project test suite would also help find more bugs.
(Found by google after I began wondering if any automated test effort was taking place.)

Oh well... (0, Interesting)

Anonymous Coward | more than 10 years ago | (#8491069)

The date in the original threw me - I'm not from the US, and the month/day/year order just makes them damned hard to grok. It looks very much like this *was* the same problem as a few weeks back...

Simon.
[Posted no-karma etc. yadda yadda...]

Re:Many eyes, but wide open or tight shut ? (0)

Anonymous Coward | more than 10 years ago | (#8491071)

I've not really checked this, but according to some posters, this is the SAME bug as that of a few weeks ago. The page was only updated to include some sample code.

Re:Many eyes, but wide open or tight shut ? (1)

imbaczek (690596) | more than 10 years ago | (#8491174)

Fortunately, it's just an update to a previous report, not a new bug.

posted second! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8490980)

second post

first post too late

but second post just on time

not quite first post

close enough for second post

failure haiku (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8491203)

You fucking fail it
Second post is not for you
Death is the answer

foo bar (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8490981)

I swear allegiance to the cult of foo bar.

A lot of problems in mremap... (5, Insightful)

LucidityZero (602202) | more than 10 years ago | (#8490987)

Wasn't there a (third) problem with mremap back around summertime too? These all sound like barebones, common mistakes. Who is contributing this source? Was it all the same person? Maybe we should be checking his/her code a bit more closely!

Re:A lot of problems in mremap... (4, Funny)

Anonymous Coward | more than 10 years ago | (#8491046)

Maybe it was Linus, and we should stop accepting his contributions :-)

Re:A lot of problems in mremap... (2, Funny)

Hello this is Linus (757336) | more than 10 years ago | (#8491092)

quiet you. >:(

This is medium old news. (5, Informative)

Anonymous Coward | more than 10 years ago | (#8491153)

This is the second mremap() vulnerability finally making it to slashdot. Note the date on the linked page, March 1.

You just thought it was the third because you already heard about two, and forgot that sometimes things take a week or so to make it to /.

Re:A lot of problems in mremap... (4, Funny)

Otter (3800) | more than 10 years ago | (#8491198)

These all sound like barebones, common mistakes. Who is contributing this source? Was it all the same person? Maybe we should be checking his/her code a bit more closely!

19 minutes later, and no one has blamed SCO yet? What's wrong with you people today?

Which kernels are affected (0)

Anonymous Coward | more than 10 years ago | (#8490989)

Which kernels are affected?

Piethein Strengholt

Re:Which kernels are affected (4, Informative)

Broken_Windows (658461) | more than 10 years ago | (#8491010)

From the release: Version: 2.2 up to and including 2.2.25, 2.4 up to to and including 2.4.24, 2.6 up to to and including 2.6.2

Re:Which kernels are affected (1)

pseudochaotic (548897) | more than 10 years ago | (#8491139)

Whew! I just installed 2.6.3, and i was afraid i would have to reinstall again.

Re:Which kernels are affected (0)

Anonymous Coward | more than 10 years ago | (#8491014)

RTFA!

Version: 2.2 up to and including 2.2.25, 2.4 up to to and including 2.4.24, 2.6 up to to and including 2.6.2

Install windows! (4, Funny)

Compunerd (107084) | more than 10 years ago | (#8490990)

Get windows CD
Boot
Install

bah

Re:Install windows! (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8490996)

1) Fuck you.
2) Fuck you.
3) Fuck you.

Stupid bitch.

Re:Install windows! (1)

SphericalCrusher (739397) | more than 10 years ago | (#8491037)

Yeah, and get ten times the critical updates. Plus, Microsoft seems to always wait half of a year to a year to fix them, but with Linux, it's done really quickly. (Hints this bug)

Re:Install windows! (0)

Anonymous Coward | more than 10 years ago | (#8491164)

Wrong, install FreeBSD instead....

Damn (4, Insightful)

Broken_Windows (658461) | more than 10 years ago | (#8490993)

I really did not want to spend my Sunday patching kernels.

Re:Damn (all your base are belong to us) (4, Informative)

kompiluj (677438) | more than 10 years ago | (#8491022)

Oh really? I am running 2.4.25 on my all systems for two weeks already - since the first advisory. Patch or be patched.

Re:Damn (5, Funny)

Anonymous Coward | more than 10 years ago | (#8491065)

Don't bother. There's no published exploit. Have a beer. Watch the game. Don't worry. Relax. What's your IP?

Re:Damn (2, Funny)

Tremanhil (246867) | more than 10 years ago | (#8491084)

So turn off your PC, pop a bag of Kettle Corn or Pop Secret into the microwave and spend part of your Sunday popping kernels... and the rest watching movies.

And patch your kernel another day.

Re:Damn (1)

fire-eyes (522894) | more than 10 years ago | (#8491193)

If you'd have kept up to the latest stable, you wouldn't have this problem.

dupe (5, Insightful)

Feyr (449684) | more than 10 years ago | (#8490999)

huu dupe? that thing was released over a week ago!

Story is a troll!!!!! (4, Informative)

bangular (736791) | more than 10 years ago | (#8491093)

This story is old.

Version: 2.2 up to and including 2.2.25, 2.4 up to to and including 2.4.24, 2.6 up to to and including 2.6.2

2.6.3 and 2.4.25 have been out a while. This is _not_ a new vuln. All this will accomplish is a bunch of idiots saying "see, linux is insecure".

2.6.3? (-1, Offtopic)

say (191220) | more than 10 years ago | (#8491002)

Apparently, only .sigh.

Re:2.6.3? (4, Interesting)

say (191220) | more than 10 years ago | (#8491018)

Oops. That HTML posting problem. This was what I was trying to say:

Apparently, only <= 2.6.2 is affected. How could this be fixed in 2.6.3 without anyone noticing that it might be a problem in earlier kernels?

Not a new vulnerability (5, Informative)

Anonymous Coward | more than 10 years ago | (#8491003)

This is the same vulnerability that was disclosed a few weeks ago. The advisory was updated on March 1st to include exploit code.

Re:Not a new vulnerability (0)

Anonymous Coward | more than 10 years ago | (#8491021)

Of course it is. This is just another example of Rob "The Troll" Malda trying to get an argument started. Rake in a bit more of that banner and subscriber money.

Re:Not a new vulnerability (0)

Anonymous Coward | more than 10 years ago | (#8491112)

This is just another example of Rob "The Troll" Malda trying to get an argument started.

It's beginning to look that way. A lot of stories I've seen recently don't seem to be newsworthy.

I'm guessing that we can expect a patch from SCO? (4, Funny)

rivaldufus (634820) | more than 10 years ago | (#8491004)

After all, if they can expect people to license Linux from them, they should be providing support.

Re:I'm guessing that we can expect a patch from SC (1)

shrinkwrap (160744) | more than 10 years ago | (#8491175)

Expect a patch? I'd rather sue them! LOL

Does this mean... (3, Funny)

mcx101 (724235) | more than 10 years ago | (#8491009)

...I'm going to have to patch the kernels on the Debian servers and reboot again?

That'll be the third time in as many months.

Re:Does this mean... (1)

Weird O'Puns (749505) | more than 10 years ago | (#8491120)

It's only a local exploit. So, if you are doing things correctly and other programs don't have any security issues that would give attacker access to your computer, you should be fine.

...but it is still a security risk. So, if I were you I'd patch.

Well, as they say... (2, Funny)

Anonymous Coward | more than 10 years ago | (#8491011)

In Linux it's a bug...

In Windows it's a feature.

Re:Well, as they say... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8491129)

No, no, no:

In Windows it's a bug

In Linux it's a feature of Open Source Software

Re:Well, as they say... (0)

Anonymous Coward | more than 10 years ago | (#8491149)

That would be funny if it weren't so disturbingly true. Here's one example (of many, many more I'm sure) with Internet Exploder's violating RFC's, which, in combination with clueless apache admins, ends up in files like .wmv being sent happily as plain/text and rendered inline in standards compliant web-browsers (basically everything except IE)

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13986

Re:Well, as they say... (0)

Anonymous Coward | more than 10 years ago | (#8491185)

Replying to myself: The problem is that Microsoft violates the RFCs by always sniffing the content, instead of using the MIME-type sent by the webserver, resulting in clueless apache admins who only build their sites for IE to not ever realize they have a misconfigured server, and as usual, everyone except Windows IE users suffers for IE's blatantly broken behavior. Here's another take on the problem:

http://weblogs.mozillazine.org/bz/archives/004654.html

Here we go again (0, Redundant)

lordsilence (682367) | more than 10 years ago | (#8491015)

Do I laugh or do I cry? ...
just when I had finished compiling 2.4.25 on my systems..
Did I read the security bulletin correctly, but would grsec and Limited per user virtual memory still not render this exploit harmless?

Re:Here we go again (0)

Anonymous Coward | more than 10 years ago | (#8491044)

If you read correctly (which you obviously didn't), you'd know that 2.4.25 ISN'T AFFECTED. Nice try, though.

Re:Here we go again (0)

lordsilence (682367) | more than 10 years ago | (#8491113)

Anonymous flamebait? Well, if I have to explain myself. I accidently read 2.2.25 as 2.4.25 when scimming through text.
But I guess it's your win this time.
I'd be very glad if you would simply correct me and NOT make silly comments regarding my reading-skills.

Re:Here we go again (0)

Anonymous Coward | more than 10 years ago | (#8491125)

It's spelled skimming, not "scimming."

Your writing skills are shitty too, apparently.

Re:Here we go again (1)

lordsilence (682367) | more than 10 years ago | (#8491159)

Or I simply wrote that by purpose to see if you'd pull another flame on me.
On the other hand, I could just be trying to make an excuse :)
You'll never know will you?
This is getting too much off-topic.

Re:Here we go again (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8491165)

You wrote that on purpose? Har. Right, jackass.


Re:Here we go again (0)

Anonymous Coward | more than 10 years ago | (#8491168)

Yeah, it is getting off-topic.

Maybe you should go back to jerking off and stop trying to look smart. It just isn't working for you.

Stupid bitch.

Re:Here we go again (1)

lordsilence (682367) | more than 10 years ago | (#8491196)

Or irritating people who don't have access to 0days and trying to leech slashdot for vulns. could go back and do what-ever they were doing before, rather then flaming people who made a mistake. *yawns*

Re:Here we go again (0)

Anonymous Coward | more than 10 years ago | (#8491204)

If you're going to try to insult anyone, learn how to fucking speak English properly you jackass.

What the fuck is that post even supposed to mean? Maybe if you spent less time playing with your prick you might know how to express yourself properly. *yawns*

Re:Here we go again (1)

lordsilence (682367) | more than 10 years ago | (#8491211)

Apparently you and I have nothing better to do than write replies to each other.
Yes, yawning is known to "spread".

Re:Here we go again (0)

Anonymous Coward | more than 10 years ago | (#8491182)

You put a typo in a comment to get someone to flame you for it? That's your excuse?

You really are a fuckwit, aren't you?

Re:Here we go again (5, Informative)

bafu (580052) | more than 10 years ago | (#8491145)

Do I laugh or do I cry? ...

Laugh, I would say. While both laughing and crying are versatile enough to be used regardless of whether it is a time of great happiness or great sadness, laughing is definitely more "out there".

just when I had finished compiling 2.4.25 on my systems..

Anyone who "just finished compiling" the latest release of their favorite kernel tree is all set (assuming they installed it), since this "new kernel vulnerability" is only new in the /. sense. I would think that people who are super-concerned about such things would recognize that in reading the bulletin.

Did I read the security bulletin correctly

No, you did not. :-( When it said...

2.2 up to and including 2.2.25, 2.4 up to to and including 2.4.24, 2.6 up to to and including 2.6.2

...you mistook the 2.2 for a 2.4 and thought that it affected your 2.4.25 kernel.
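
Added example (not part of any comment in this thread): a shell check of a kernel release string against the three ranges quoted from the advisory, so that "2.2.25" and "2.4.25" cannot be confused by eye. The function name `mremap_range_check` and the sample release strings are constructed for illustration; the "undetermined" result for `-rc`/`-pre` builds is an assumption, since the page does not say which pre-release received the fix.

```shell
#!/bin/sh
# Affected ranges as quoted in the thread from the advisory:
#   2.2 up to and including 2.2.25
#   2.4 up to and including 2.4.24
#   2.6 up to and including 2.6.2
# Caveat: only the upstream version number is examined. A distribution
# kernel carrying a backported fix keeps its old number, so "affected"
# means "check the vendor changelog", not proof of exposure.

# mremap_range_check RELEASE   (hypothetical helper name)
# Prints and returns:
#   affected      (0)  inside a quoted range
#   not-affected  (1)  same series, above the quoted range
#   undetermined  (2)  series not named, or a pre-release of the first
#                      release above the range (assumption, see lead-in)
#   unparsable    (3)  not a major.minor.patch release string
mremap_range_check() {
    rel=$1
    base=${rel%%-*}             # drop "-mm2", "-rc1-mm2", "-1-686", ...
    case $base in
        ''|*[!0-9.]*) echo unparsable; return 3 ;;
    esac

    # Split "major.minor.patch" on dots; extra components are ignored.
    old_ifs=$IFS
    IFS=.
    set -- $base
    IFS=$old_ifs
    major=$1
    minor=$2
    patch=$3
    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$patch" ]; then
        echo unparsable
        return 3
    fi

    if [ "$major" -ne 2 ]; then
        echo undetermined
        return 2
    fi

    # Last affected patch level per series, taken from the quoted text.
    case $minor in
        2) last=25 ;;
        4) last=24 ;;
        6) last=2 ;;
        *) echo undetermined; return 2 ;;
    esac

    if [ "$patch" -le "$last" ]; then
        echo affected
        return 0
    fi

    # A release candidate of the first release above the range may
    # predate the fix; do not report it as clean.
    if [ "$patch" -eq $((last + 1)) ]; then
        case $rel in
            *-rc*|*-pre*) echo undetermined; return 2 ;;
        esac
    fi

    echo not-affected
    return 1
}

# Constructed sample inputs, including release strings mentioned in the thread.
for r in 2.2.25 2.4.24 2.4.25 2.6.2 2.6.3-mm2 2.6.4-rc1-mm2 2.6.3-rc1 2.5.70; do
    printf '%-16s %s\n' "$r" "$(mremap_range_check "$r")"
done
```

On a live host the argument would be the output of `uname -r`.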

Amazing what a one line oversight can do (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8491016)

Just compare the time and effort putting together the 3 page write up on the bug to the cost of reviewing and fixing the code in question when it was originally written. I believe the study that found that once the bug leaves the development shop to go to consumers it costs $9000 per line to fix. It's as true in open source as it is for closed source.

Can someone quickly fix this ? (5, Funny)

Anonymous Coward | more than 10 years ago | (#8491020)

So we can get back to bitching about Windows' security flaws :D

Not a big deal really (5, Informative)

jmoen (169557) | more than 10 years ago | (#8491030)

Seems like none of the current releases are affected by this anyway. Ref. the article:
Only version: 2.2 up to and including 2.2.25, 2.4 up to to and including 2.4.24, 2.6 up to to and including 2.6.2

-jmoen-

"Windows users: want Security, install linux"??? (5, Funny)

Padrino121 (320846) | more than 10 years ago | (#8491032)

Slowly but surely as Linux is getting more mainstream it seems the same kind of holes that perpetually plague Windows exist in Linux as well.

It might be time to take a page from the MS book and take a few weeks for a full line by line audit.

Re:"Windows users: want Security, install linux"?? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8491059)

Is that supposed to be funny, or are you just fucking ignorant?

Last I checked, I don't think I've ever had a VBScript virus infect my Linux box.

Maybe you need to take that page and shove it back up whatever orifice you pulled it out of.

Re:"Windows users: want Security, install linux"?? (2, Interesting)

Padrino121 (320846) | more than 10 years ago | (#8491144)

Neither have I, but that wasn't the point of my post.

The goal a lot of people have is to make Linux mainstream, that means that less and less knowledgeable users will be using it. If Linux continues to suffer from kernel exploits from time to time just like Windows then those same users will be running executable mail viruses built for Linux just like they do for Windows now.

A lot of people I've seen using Linux have a false sense of security and therefore aren't as careful as they are on Windows (which is a scary thing because we all know how insecure Windows is).

Re:"Windows users: want Security, install linux"?? (0)

Anonymous Coward | more than 10 years ago | (#8491187)

Bugs happen. Your post is just a sign of ignorance.

Re:"Windows users: want Security, install linux"?? (0)

Anonymous Coward | more than 10 years ago | (#8491195)

Why wasn't this modded +5 funny?

It might be time to take a page from the MS book and take a few weeks for a full line by line audit.

Look, security is a process, not a one-time event! And this is the result of that process. You don't look for problems because there aren't any. You look for problems because, in something as complex as an OS, there are bound to be problems and it is better than you find and fix them before a black hat finds and exploits them.

And you never stop looking!

Somewhere . . . (5, Funny)

Prince Vegeta SSJ4 (718736) | more than 10 years ago | (#8491035)

A Giddy Billionaire is scheming:

Kernel 2.6.4-rc2-bk3: Never, I'll Never turn to the Dark side, I'm open source...like my father before me.

Bill: So be it, open source

Bill: if you will not be turned, you will be destroyed (shooting purple lightning bolts)

Bill: You will pay the price for your lack of vision

Kernel 2.6.4-rc2-bk3: Linus please (in agony).

.....to be continued

I await my -5 (Troll)

Clueless lamer (1)

baudbarf (451398) | more than 10 years ago | (#8491036)

How does one go about patching his kernel, pray tell?

Re:Clueless lamer (1)

KingOfBLASH (620432) | more than 10 years ago | (#8491124)

Well it depends what distribution of Linux you're using. On some versions it's as simple as downloading an RPM via an update script and rebooting, on others it actually involves compiling the kernel. What distribution are you using?

YOUR OPERATING SYSTEM MAY BE LEAKING (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8491039)

AN IP ISSUE. CLICK HERE [userfriendly.org] TO CONTINUE.


From the link... (2, Informative)

Spoing (152917) | more than 10 years ago | (#8491040)

  1. Synopsis: Linux kernel do_mremap VMA limit local privilege escalation vulnerability

Local, not remote.

In general: If an attacker has local access or can gain the equivalent by using a remote access tool, a local exploit can be a problem.

So, personally I'm not too worried though others with different types of users or configurations might have a high level of concern.

That would be.. (0)

Anonymous Coward | more than 10 years ago | (#8491202)

That would be every admin of a linux server with user accounts... college student linux user accounts.

smug justice (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8491047)

remember the solaris local root exploit earlier this week? remember how the linux/bsd fanboys smirked incessantly?

*smirk* right back at you, baby.

Old news (5, Informative)

phaze3000 (204500) | more than 10 years ago | (#8491053)

This is why 2.6.3 was released, as discussed in this [slashdot.org] slashdot story from the 18th of Feb. The date on the linked article is March 1 - this is a second document on the same vulnerability that gives more details. It was not released at the time to give people a chance to patch.

Re:Old news (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8491199)

This is why 2.6.3 was released, as discussed in this slashdot story from the 18th of Feb.

Slashdot in general needs to get a grip. Far too much of this kind of thing going on. It's getting close to the edge of not worth spending any time at all on slashdot.

known since 18. feb. 2004 (5, Informative)

gst (76126) | more than 10 years ago | (#8491058)

actually this vulnerability was announced on 18. feb. 2004 by isec (see http://lwn.net/Articles/71682/).

isec just waited some weeks until they released the exploit...

Laymens terms? (2, Funny)

oldosadmin (759103) | more than 10 years ago | (#8491061)

Could someone please say what this vulnerability is in English? That article made my head hurt.

Re:Laymens terms? (5, Funny)

WWWWolf (2428) | more than 10 years ago | (#8491172)

Sure. A program can ask the operating system kernel to Do Things. Now, someone has found out that when you ask the kernel to Do Things certain way, the kernel subsequently thinks you are the Boss.

Like, you have this stack of forms you want the computer signed. You hand them over to the computer. One of the papers is "Do whatever I say" form that would give you the Power. The computer won't read it and just signs it along with the others, then hands you the forms back.

How's that for an explanation?

Re:Laymens terms? (1)

oldosadmin (759103) | more than 10 years ago | (#8491208)

Ah. But this a local vulnerability right?

Forget patching the kernel, I'm just gonna lock my door.

P.S. I'm getting screwed by the no-karma Funny mod again. A +2 post == -2 karma for me. PLEASE FIX THIS.

And why do you guys blame just windows... (0, Interesting)

Anonymous Coward | more than 10 years ago | (#8491063)

Hmmm... seems the much-hyped linux too has its share of bugs and holes.
And with a 25 year history of UNIX behind it, it is "surprising" to say the least.
And how do you avid windows-baiters react to it? How come you hypocrites just blow Windows bugs out of proportion while attempting to cover up Linux kernel holes?
With just 6 year history behind it i think Windows has come a far way from Linux (what it was when a 6 year old).

Moral: People in Glass houses should not throw stones: So you UNIX/Linux guys just suck up and keep quiet instead of baiting WIndows hereafter.

Re:And why do you guys blame just windows... (0)

Anonymous Coward | more than 10 years ago | (#8491091)

Atta boy !
Don't you think Windows with its 98% share should be more responsible?

i beg your pardon? (5, Insightful)

hot_Karls_bad_cavern (759797) | more than 10 years ago | (#8491121)

"...And how do you avid windows-baiters react to it? How come you hypocrites just blow Windows bugs out of proportion while attempting to cover up Linux kernel holes?..."

Um, the source code for the *fix* is listed *in* the article (you didn't read it did you?)

i don't call posting fixed code and owning up to an exploitable coding error "covering up".

Re:And why do you guys blame just windows... (0)

Anonymous Coward | more than 10 years ago | (#8491188)

Isn't it great the way Slashdot censors your posts. Parent is valid comment (and no I didn't post it) yet it gets modded -1, Flamebait. It wasn't flamebait but a fairly accurate comment on the situation (except that Linux doesn't have a 25 year history of UNIX behind it; Linux - assuming SCO is wrong - is a completely independent implementation of UNIX. If you're looking for a free genetic UNIX try *BSD).

Which kernels!? (0)

nbensa (730579) | more than 10 years ago | (#8491068)

None of my kernels are vulnerable/exploitable (2.4.25, 2.6.3-mm{2,3}, 2.6.4-rc1-mm2)

So, which ones are exploitable?

Thanks.

Re:Which kernels!? (0)

nbensa (730579) | more than 10 years ago | (#8491105)

After the obligatory RTFA:

Version: 2.2 up to and including 2.2.25, 2.4 up to and including 2.4.24,
2.6 up to and including 2.6.2

Thankfully, I'm running Windows... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8491073)

...and my computer is turned off right now. For once, my system is more secure than yours. Take that, Linux zealots! Ha ha!

Michael Moore is an idiot! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8491074)

"We like nonfiction and we live in fictitious times. We live in a time where we have fictitious election results, that elect a fictitious president. We live in a time where we have a man sending us to war for fictitious reasons" - Michael Moore's acceptance speech at the Oscars.

Let's face it, Michael Moore is an idiot and we should take back his Oscar. Where does he get off calling our President fictitious...moreover, sending a quarter of a million troops into war for "fictitious reasons."

Moore along with the Dixie Chicks, should pack their bags and make a beeline for nearest communist country. Their personal attacks on our beloved President are cowardly and utterly disrespectful.

Mr. President Bush, if you ever read this article, take peace in knowing that while the majority of Hollywood is not taking sides with you, the majority of America supports your cause as it is in the best interest of national security. God Bless your soul, God Bless the troops in Iraq, God Bless America!

I'm glad I voted for you. And just in case if any of you out there are wondering what party I am? I'm not a republican, but an independent.

Remember, most of what Moore says are lies. Including elements that are included in his movies. To find out the truth please visit MOORE WATCH. [moorewatch.com]

Important to Remember (3, Interesting)

rudy_wayne (414635) | more than 10 years ago | (#8491078)

When a Windows vulnerability is patched, it is proof that closed source software is evil.

When a Linux vulnerability is patched, it is proof that open source software is wonderful.

Re:Important to Remember (0)

Anonymous Coward | more than 10 years ago | (#8491110)

Oh, really? I thought it was more like this:

-If- a Windows vulnerability is patched, it's usually a few weeks to a month after that. Details of the problem are never disclosed to the consumer.

-When- a Linux vulnerability is patched, details of the problem are offered to the users, and the problem is usually patched extremely rapidly, particularly if it is a security problem.

I suppose I shouldn't have expected much from a jackass with your kind of trolling record, but there you have it.

Re:Important to Remember (0)

eldacan (726222) | more than 10 years ago | (#8491179)

Sigh...

When a Windows vulnerability is patched, it is proof that closed source software is evil.

When a critical Windows vulnerability is patched three months after its discovery, it is proof that blahblahblah.

When a Linux vulnerability is patched, it is proof that open source software is wonderful.

When a [critical, or whatever...] Linux vulnerability is patched within minutes/hours/even a few days, it is proof that open source software works.

This guy seems to be staring holes into mremap (0)

Anonymous Coward | more than 10 years ago | (#8491086)

I hope when this guy is finished with mremap that he is continuing with other functions :).

From an administrative view it would have been much nicer if he would have released his findings after he finished the complete code review.

Otherwise code review is a not very rewarding task so there's no reason to accuse this guy.

*squelch* (-1, Troll)

SkunkPussy (85271) | more than 10 years ago | (#8491108)

what was that noise?

that was the sound of 1 million script kiddies around the world coming in their pants

More critical vulnerability in FreeBSD (4, Interesting)

chrysalis (50680) | more than 10 years ago | (#8491116)

Another kernel vulnerability was recently found in all FreeBSD (4.X and 5.x) versions.

The TCP/IP stack can be stopped by sending unordered TCP fragments.

This is a serious remote vulnerability, and any FreeBSD with an open TCP port should be patched ASAP.

Here's a link to the official advisory :

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc

Regardless of the operating system you are running, always keep everything up to date.

?!?! Guys?!?! (0)

Anonymous Coward | more than 10 years ago | (#8491127)

This is an old bug! Look at versions! 2.2.26, 2.4.25 and 2.6.3 have been out for a couple of days. Who is admin on slashdot? Does he check news? There are three mremap bugs, but two. Kill this article.

don't worry, be happy. (1)

nuckin futs (574289) | more than 10 years ago | (#8491137)

No need to worry, and we all know why...
a patch will be out (if it isn't already out) within days, sometimes hours. I don't have to rely on MS.

The mremap coder did so well (0, Funny)

Anonymous Coward | more than 10 years ago | (#8491143)

He's flying to Redmond to join team Longhorn. Efforts in open source can get you a paying job!

This has been fixed already. (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8491155)

This is pretty old news. It was fixed weeks ago in 2.2.26, 2.4.25, and 2.6.3.

The whole reason the above kernels were released was because of this vulnerability.

This security announcement is redundant.

MICROSOFT FUNDED THIS BUG! (-1, Offtopic)

blair1q (305137) | more than 10 years ago | (#8491163)

That's what Eric Raymond said.

And he's never told a lie.

Not the way to make friends. (2, Interesting)

stock (129999) | more than 10 years ago | (#8491166)

This guy investigating mremap is saving a new vulnerability for every week. He's working only to get his name printed everywhere. I cannot take this seriously. If he's a genuine security analyst, he'd fix _all_ mremap related bugs within 1 patch.

My biggest grief, is him not releasing source code patches for genuine kernel.org kernels. If he's so good to release sploits, he's good enough to submit source code patches.

Robert

Date format (5, Insightful)

mandrews (139863) | more than 10 years ago | (#8491167)

disclosed on 05-01-2003

OK time for me to tilt at a few windmills. Aside from the date being off by a year (the link quotes the date as 05-01-2004), is this supposed to be 1st of May or the 5th of January?

In an international forum and for clarity, ISO 8601 dates [cam.ac.uk]. Therefore: 2004-01-05.

Sorry for the rant, but I work for an international company, and have spent sizable parts of meetings trying to figure out which version of a document is "most recent", 2/3/04 or 3/2/04.

if you patched two weeks ago, you can ignore this (3, Informative)

redmoss (108579) | more than 10 years ago | (#8491197)

This is partially redundant to a few of the other posts here saying that this vulnerability was already disclosed several weeks ago. However, I thought I'd add that if you already patched, check the vulnerability ID; in this case it's CAN-2004-0077. Your patch should have specifically mentioned this ID. If not, you need to patch again.

Thank $DEITY I don't need to patch/reboot again. I was starting to get a bit annoyed at having to patch the kernel twice in two months. Scheduling reboots of machines in use by many people is no fun.
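The check described in this comment, combined with the affected version ranges quoted earlier in the thread, as an added example that is not part of the thread or the advisory. The function name, the constructed sample changelog and the conservative handling of -rc/-pre builds are assumptions.

```python
import platform
import re

# Last affected release in each series, as quoted in the thread from the advisory.
LAST_AFFECTED = {(2, 2): 25, (2, 4): 24, (2, 6): 2}
ADVISORY_ID = "CAN-2004-0077"  # ID a vendor changelog should mention

RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")

# Constructed sample changelog entry (not from any real package).
SAMPLE_CHANGELOG = """\
* Wed Feb 18 2004 Example Packager <packager@example.invalid>
- mremap: add missing return value check (CAN-2004-0077)
"""


def classify(release, changelog=""):
    """Return 'fixed', 'vendor-patched', 'affected' or 'unknown'."""
    m = RELEASE_RE.match(release.strip())
    if not m:
        return "unknown"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    suffix = m.group(4)
    last = LAST_AFFECTED.get((major, minor))
    if last is None:
        return "unknown"  # series outside the ranges quoted in the thread
    if patch > last:
        # Assumption: an -rc/-pre build of the first fixed release may predate
        # the fix, so it is reported as unknown rather than fixed.
        if patch == last + 1 and re.search(r"-(rc|pre)\d*", suffix):
            return "unknown"
        return "fixed"
    # Version is in the affected range; a distribution kernel may still carry
    # a backported fix, which shows up as the advisory ID in its changelog.
    if ADVISORY_ID in changelog:
        return "vendor-patched"
    return "affected"


if __name__ == "__main__":
    # Pass the package changelog text as the second argument on a real system.
    print(platform.release(), classify(platform.release()))
```

A version string alone cannot confirm a distribution kernel is unpatched, which is why an in-range version with the advisory ID in its changelog is reported separately.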