
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Remote buffer overflow bug bites Linux Kernel

By | November 5, 2008, 9:03am PST


A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in cases where an exploit fails, result in a denial of service.

This from the Gentoo bug report:

  • Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

Secunia rates this a “moderately critical” vulnerability:

  • The vulnerability is caused due to a boundary error in the ndiswrapper kernel driver when processing wireless network packets. This can be exploited to cause a buffer overflow via an overly long ESSID (Extended Service Set Identifier). Successful exploitation may allow execution of arbitrary code.

The vulnerability (CVE-2008-4395) affects Linux Kernel 2.6.27. As a temporary mitigation, Linux users should disable wireless network cards that are not in use.
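
The boundary check whose absence the advisories above describe, as an added example in C that is not part of the original article and is not ndiswrapper's code. The struct, the function names and the sample frame are hypothetical; the 32-byte limit is the IEEE 802.11 maximum SSID length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32 /* IEEE 802.11 caps an SSID at 32 bytes */
#define IE_SSID 0       /* element ID of the SSID information element */

/* Hypothetical scan record with a fixed-size ESSID field (not ndiswrapper's). */
struct net_info {
    uint8_t essid[SSID_MAX_LEN];
    size_t essid_len;
};

/* Unsafe pattern: the length byte comes from the air and is trusted as-is,
 * so any value above 32 writes past essid[]. Shown for contrast, never called. */
void store_essid_unchecked(struct net_info *out, const uint8_t *ie)
{
    out->essid_len = ie[1];
    memcpy(out->essid, ie + 2, ie[1]);
}

/* Hardened form: walk the (id, len, value) elements and check every length
 * against both the bytes actually received and the destination size.
 * Returns the ESSID length, or -1 if malformed, missing or too long. */
int store_essid_checked(struct net_info *out, const uint8_t *ies, size_t ies_len)
{
    size_t off = 0;
    while (ies_len - off >= 2) {
        uint8_t id = ies[off];
        size_t len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)
            return -1; /* element runs past the end of the frame */
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)
                return -1; /* overly long ESSID: reject the frame */
            memcpy(out->essid, ies + off, len);
            out->essid_len = len;
            return (int)len;
        }
        off += len;
    }
    return -1;
}

/* Constructed sample input: one SSID element whose length byte is ssid_len. */
int try_essid_of_length(uint8_t ssid_len)
{
    uint8_t frame[2 + 255];
    struct net_info info = { {0}, 0 };

    frame[0] = IE_SSID;
    frame[1] = ssid_len;
    memset(frame + 2, 'A', ssid_len);
    return store_essid_checked(&info, frame, 2u + ssid_len);
}

int main(void)
{
    printf("32-byte ESSID -> %d\n", try_essid_of_length(32));
    printf("33-byte ESSID -> %d\n", try_essid_of_length(33));
    return 0;
}
```

Rejecting the frame rather than truncating the ESSID keeps the stored length and the stored bytes consistent for any later code that reads them.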


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

120 Comments

RE: Remote buffer overflow bug bites Linux Kernel
birumut Updated - 5th May 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat
0 Votes
+ -
So it ISN'T a kernel bug
Real World Updated - 5th Nov 2008
it's a kernel DRIVER bug. That's akin to a bad video driver in Windows.

This is not a Linux problem, it's an NDISWRAPPER problem.

You should correct the first line of this article, which reads: "A remote buffer overflow vulnerability in the Linux Kernel..."

*edited - added last paragraph*
0 Votes
+ -
It is
soulxfer@... 5th Nov 2008
windows takes all the blame for driver issues (almost all BSOD are driver related), and this one is not a linux bug... also if code can be executed at kernel level, it is kernel bug
0 Votes
+ -
Here is how you know that it isn't
Real World 5th Nov 2008
You can't fix this by modifying the kernel source.
0 Votes
+ -
A distinction without a difference
Yagotta B. Kidding 5th Nov 2008
How many people know the difference? How many of those care?

From a practical perspective, they're identical.
0 Votes
+ -
It's not a part of the vanilla Linux kernel tree, so Torvalds and his lieutenants would not be the ones to point the finger at.

But yes, from a user perspective it makes no difference.
0 Votes
+ -
Raise the bar
Real World 5th Nov 2008
If your audience is those who don't differentiate between disk space and RAM, you're right, it is essentially the same thing. But if you're writing a blog on a technical forum, you need to realize that a bug in a driver != a bug in the kernel.
0 Votes
+ -
Use same scale
soulxfer@... 5th Nov 2008
True, but then use the same scale when folks bash Windows for driver issues. Nobody points this out clearly ...
0 Votes
+ -
It's a word choice
Michael Kelly 5th Nov 2008
If you want to say it affects the Linux system, that would be technically correct and proper. People don't call driver issues in Windows a Windows kernel issue, they just call it a Windows issue. But since it is not in the Linux kernel proper, calling it a Linux kernel issue is a bit misleading, because most Linux systems are not affected by this. Though it does not affect its severity.
0 Votes
+ -
For what it's worth
Real World 5th Nov 2008
I do. happy
by Microsoft. When you look at driver details it states its from Microsoft.
0 Votes
+ -
How many... PLENTY
shryko 6th Nov 2008
How many people know the difference? How many of those care?

well, if I've learned anything, it's that the typical windows user? doesn't know much, if anything. something killed windows, windows has a problem, they think/say... or they're the power user (a less common group), who often knows more about the system, but it's something deep in windows... outside what they've learned, I'd expect, as they've not had to adjust any settings for the driver knowing it was the driver they were changing...

meanwhile, all of those who I know that have worked with Linux? know the difference between the kernel and the kernel drivers. and yes, that's 100% of the people I know who use linux. (I've had debates with basically all of them over philosophy of stuff)

so... how many know the difference? Not many in windows, but the vast majority in linux. How many of those care? In windows, next to none, in Linux? I'd bet that a MUCH bigger proportion do.

Practically the same? Yeah, it can be... but Linux doesn't have a unified bug reporting system built into it. Windows does. So if windows crashes for any reason, you send an error report to Microsoft. Linux dies? it's up to you to deal with reporting it. Ergo, linux requires you to know who to send the report to, generally (if you report it)... Windows it's definitely considered the same.
0 Votes
+ -
NDISWrapper
daengbo 6th Nov 2008
It's important to understand WHICH driver is at fault, too, to understand the impact it has. This is a driver which wraps Windows wireless drivers for use in kernel 2.6.27 only, meaning you need to be using a Windows wireless driver and the latest kernel. The NDISWrapper driver needs to be installed separately in most cases, too, because it's not part of the official kernel source. ( http://ndiswrapper.sourceforge.org )

Since the latest kernel supports almost all wireless chipsets except a couple of Broadcom ones, this driver is much less common than it was a couple of years ago. In fact, it requires manual setup in most distributions.

The bottom line? While no remote buffer exploit can be safely ignored, very few people are actually affected by this one. If the same vulnerability had happened in the USB or PCI bus drivers, it would be a disaster.
0 Votes
+ -
RE: Remote buffer overflow bug bites Linux Kernel
Linux User 147560 5th Nov 2008
So essentially if you are not using the NDISWRAPPER then it's not a problem, but if you are then it potentially is. 2 weeks. I give it 2 weeks tops and it will be corrected and patched. devil
0 Votes
+ -
Already fixed!
SpikeyMike 5th Nov 2008
http://bugs.gentoo.org/attachment.cgi?id=167023&action=diff

Patched code already there. Two weeks TOPS to get to the repositories, though I suspect we'll see a patch available sooner than that.
0 Votes
+ -
LOL
Linux User 147560 5th Nov 2008
Figures... thanks for the update! devil
0 Votes
+ -
But not already deployed....
dunn@... 5th Nov 2008
Big Difference.
0 Votes
+ -
Deploy it then
AzuMao 5th Nov 2008
You know how to use the make command, right? If not, Google is your friend, my friend.
Not necessarily all Linux Distros. eh? confused
0 Votes
+ -
Yet another "interesting" URL
btljooz 6th Nov 2008
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/275860

I was mostly correct in that this seems to be affecting mostly Ubuntu at this time. Debian and Gentoo are involved as well as you can see by the above URL.

I'm glad I use PCLinuxOS, which is a branch of Mandriva off of Red Hat. grin

ZDNet needs to get its details correct! plain
0 Votes
+ -
RE: Remote buffer overflow bug bites Linux Kernel
Loverock Davidson 5th Nov 2008
ROTFLMAO!!! Yet another bug in linux? LOL!! Is this any surprise to anyone? When you have a system that is nothing more than a glob of patches duct taped together you can expect these types of bugs. The worst part is that on linux systems since its all patches no one knows what the other one is doing which is why all these patches allow bugs like this to happen.

Ok linux fanboys, hope your gcc is ready. Remember you have to go find the source code, download it, open up a terminal, extract the source with commands, then attempt to figure out which of the 50 switches to use to compile the source cleanly -- expect to do this several times until you get it right, wait the hours for it to compile, let it install in whatever directory it feels like, search for your file, then install it manually, then reboot the system. Wow, all that downtime because linux is a poorly implemented operating system.

Its a good feeling knowing that this bug doesn't affect me because I don't use linux.
0 Votes
+ -
Competency...
SpikeyMike Updated - 5th Nov 2008
... Repetition is likely how LD learns. Since he has no friends (how could (s)he?), nobody is around to show the click-by-click steps to install, configure or update Linux.

It's no wonder that LD doesn't like Linux, apparently somebody played a joke on him/her and gave them Mepis (per numerous recompile the Kernel assertions). What a cruel joke too, as LD isn't capable of grasping new concepts outside of rote memory through repetition. Again, as evidenced by his/her many posts.

I've installed and configured Linux for folks with very limited PC experience - USING Linux is easy and installing/configuring is getting easier and easier (Linux MINT!), but for LD, he is lost, as nobody is there to configure his machine for him. Perhaps he needs to buy a Dell with Ubuntu pre-installed, then he'll realize that Mepis is but a distro and not what every linux looks like.

This is what happens when you're a know-it-all - nobody wants to play nice with you and it's hard to get anyone to show you new things over and over so you can 'learn'.

No, LD, competency is not your strong suit. You'd make a much better lawyer than a tech, as it's so easy to despise you.
0 Votes
+ -
Its not my fault
Loverock Davidson 5th Nov 2008
that linux is so badly coded that a hole the size of the grand canyon was left in it. All I'm doing is just agreeing with everyone else about the dangers of using linux and the hassles that you need to put up with should you decide to torture yourself by running it.
0 Votes
+ -
And anyway, it'd mean nothing to you given that your level seems to be "bang only MS CD into tray and fiddle until it works".

You're such a know nothing LD, your inexperience and incompetence show through from a long way away.
0 Votes
+ -
Ive seen windows Source code
Aussie_Troll 6th Nov 2008
Most people who have will agree it's well documented, clear, well written and not a complete mess and pile of fubah poo Linux is.

with linus trying to hide bugs and security issues now because it would "look bad" hell yea.

Linux is badly "on the nose" and for good reasons... !!
0 Votes
+ -
According to my spies at MS...
fairportfan 6th Nov 2008
...when you say

Ive seen windows Source code
Most people who have will agree it's well documented, clear, well written and not a complete mess and pile of fubah poo Linux is.


you're wrong.

And take my word for it, the people i know have hands-on experience with the stuff.
0 Votes
+ -
Since he has the word "troll" in his name...
hasta la Vista, bah-bie 6th Nov 2008
...would you believe anything he says?

wink
0 Votes
+ -
You have to give him some points
GuidingLight 5th Nov 2008
Its a good feeling knowing that this bug doesn't affect me because I don't use linux

That was a good backhand response, and I'm sure he will use it again, as I can tell you I have seen the line Its a good feeling knowing that this bug doesn't affect me because I don't use Windows thrown around here from time to time.

"Touche" happy
0 Votes
+ -
GL you gave me a great idea ...
fr0thy2 5th Nov 2008
... we could pay hundreds of dollars to people to introduce bugs into Linux, to make it more Windows like.

Mind you, I'll bet Microsoft have already tried executing that strategy ....
People already try to make linux fail. It is called security and penetration testing. It is part of the standard techniques for producing trustworthy software. MS is also doing this for Windows.

It is my opinion that MS Windows is still a bit behind the curve on security because its origins were a stand-alone system that grew into a multi-tasking system that grew into a multi-user multi-tasking system.

Unix started as a multi-user, multi-tasking system so in this regard started with an architecture that supported more separation of users and tasks.

When you look at so much of the underpinning of Windows you find that they heavily borrowed from unix, but chose to write their own code.

Software is an evolving craft. It involves developing ways that hundreds or even thousands of people can work on projects. I think both MS and the open source community have made tremendous progress in this regard. Instead of automatically poor-mouthing linux, you should understand the process that it takes to bring something as complex as an operating system to the public on nearly a universal set of hardware platforms.
0 Votes
+ -
what did you expect?
doh123 5th Nov 2008
Do you even know what NDISWRAPPER is?

of course its buggy, its specific purpose is to allow people to use MS Windows wireless card drivers in Linux...
0 Votes
+ -
Yes I do
Loverock Davidson 5th Nov 2008
But the drivers are solid, thus the problem is with linux.
0 Votes
+ -
LD wants it both ways.
b.bob 5th Nov 2008
He wants us to blame the drivers for the Windows problems, but he wants to blame the Linux Kernel for problems with the SAME Windows drivers that weren't even written to run on Linux. This is called double-talk in the political world. It only makes one appear stupid to argue against yourself. He either has multiple personality syndrome or LD really does stand for Learning Disability.
0 Votes
+ -
No
TedKraan 6th Nov 2008
wrong
0 Votes
+ -
Huh?
todbran@... 5th Nov 2008
Again folks, Lover is an amateur computer novice. I had an update waiting when I got up. It installed with one click. Really difficult stuff. It's great using Linux because I don't have to install hundreds of patches a year as you do with Windows. Plus, when there is a rare occasion that I do need a patch, that patch is issued within hours of discovery of the flaw and not weeks as is the case with Windows. LD....proven wrong yet again. You're having a bad year.
0 Votes
+ -
LOL!
Loverock Davidson 5th Nov 2008
Pure comedy right there! You do realize linux is made up of nothing but patches right? And because no one talks to the other and they all do their own thing you get so much garbage when trying to tape those patches together you get a POS OS like linux and security bugs like the one stated in this article.
0 Votes
+ -
Todbran = slow in the head?
AzuMao 6th Nov 2008
LD is clearly just trying to make Windows users look retarded. Why did you actually waste your time refuting his non-points? They weren't meant to make sense. That's what satire is about. He purposefully tries to make himself look stupid, and claims to be supporting Windows, to make Windows users look bad.. don't waste your time refuting him..
0 Votes
+ -
Well if it's satire...
hasta la Vista, bah-bie 7th Nov 2008
...it's getting old, real quick.

Besides, I always thought LD was a genuine idiot. Still do.

wink
0 Votes
+ -
No
AzuMao 7th Nov 2008
If he was truly that stupid he wouldn't be able to communicate at all. Maybe not even eat.
0 Votes
+ -
Loverock - Miss Trolliverse 2008
Don Collins 6th Nov 2008
Presenter: Loverock, honey, now that you've been crowned Miss Trolliverse 2008, what do you plan to do in your year of fame?

Loverock (adjusts tiara to show off the tiny gold effigy of Steve Ballmer) - Well, ya know I wanna travel the world and make people hate me even more and then me and Steve are gonna get hitched!

(wild audience response)

Presenter: Some people say that you're crazy - is that true?

(winfanboi audience wildly wave Windows logo placards and boo the presenter)

Loverock: I'm sweeeet! People just love me!

(audience scream wildly yet again).

Meanwhile, in the TV director's suite high above the auditorium, Loverock's agent facepalms, wondering how in hell he can promote this sequinned human tragedy.
0 Votes
+ -
You made my day, lol.
AzuMao 6th Nov 2008
nt
0 Votes
+ -
Ho-hummm.... zzzzz.....
Four-Eyes 6th Nov 2008
grin
0 Votes
+ -
Or...
awasson@... 7th Nov 2008
I don't have to use the Windows driver for my wireless card and it doesn't affect me at all. So no bugs on my Linux.... How many on Windows?
0 Votes
+ -
Reboot Linux after Driver update?
satovey@... 10th Nov 2008
Your post shows your general lack of knowledge when it comes to linux. All that would be necessary after the compile process is to restart the process that is running the driver.

I've never used MAC but since it has Unix as its base, I would imagine that Windows is the only OS that needs rebooting. But then, that may not necessarily be the case either. It all depends on how it's done. I have found that I can restart USB drives after a USB crash by refreshing them in the system manager.

Definitely a lot faster than rebooting the system.
0 Votes
+ -
Nobody could actually be that stupid for real, duh.
0 Votes
+ -
LOL!!
Loverock Davidson 5th Nov 2008
I can't stop laughing. Linus really looks like the village idiot now!
0 Votes
+ -
only to you
TedKraan 6th Nov 2008
Because you don't know what NDIS is.

NDISWrapper is a method to use unstable drivers in the Linux environment. (for when there are no linux drivers)
0 Votes
+ -
ROTFLMAO!!!!
Loverock Davidson 5th Nov 2008
This is just too funny. Remember all the fanboys trying to get us to switch to linux? This is the reason we don't! Because linux has a history of security bugs and is a nightmare to support and maintain.
0 Votes
+ -
get up off the floor
sir4taye@... 5th Nov 2008
You're rolling in your drool!

security on linux should not be laughed at by a microcock or smackle user. But if you must giggle as a village idiot might, then go and do it in neverland where your denial keeps your psyche safe.
0 Votes
+ -
OpenBSD 4.4 released on Saturday 11/01/08!!
Loverock Davidson 5th Nov 2008
Perhaps linux should get a clue and try a real unix with real security. As it stands now, its just some hacked up clone of an OS.

Do yourself the favor and dump your linux partition for something better:

http://www.openbsd.org
Free, Functional, and Secure!
Only two remote holes in the default install, in more than 10 years!
0 Votes
+ -
This is hard to watch.
kozmcrae 5th Nov 2008
You're over the top. Did something upset you?
0 Votes
+ -