BWAHAHAHAHHAHAHAHA! I have been saying for years that linux is insecure and here we have the proof. How do you linux fanboys feel now knowing that I was right and you were wrong? LOL!!! And its been there for years! Don't forget to start your compilers, might want to do it over night as its going to be a while. Glad I don't have to worry about such vulnerabilities.
Highly exploitable Linux kernel bug found, patched
Summary
A hole has been found in Linux kernel versions stretching back eight years that is 'as trivial as it can get to exploit', according to the Google employees who discovered it.
Topics
A hole has been found in Linux kernel versions stretching back eight years that is 'as trivial as it can get to exploit', according to the Google employees who discovered it.
Julien Tinnes and Tavis Ormandy, the security researchers who discovered the vulnerability, have already issued a patch for the flaw. According to a blog post written by Tinnes on Thursday, the hole "affects all 2.4 and 2.6 kernels since 2001 on all architectures", and is "the public vulnerability affecting the greatest number of kernel versions".
While the kernel hole allows only local privilege escalation, the vulnerability is widespread, said the researchers.
"The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don't check for Null pointers before dereferencing operations in the ops structure," Tinnes wrote. "Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of Null pointers."
Tinnes said that, as the vulnerability leads to the kernel executing code at Null, it is "as trivial as it can get to exploit".
"An attacker can just put code in the first page that will get executed with kernel privileges," Tinnes wrote.
In an advisory published on Neohapsis on Thursday, Ormandy wrote that an attacker could exploit the vulnerability by creating a mapping at address zero containing code to be executed with privileges of the kernel, thus triggering a vulnerable operation.
The Red Hat team issued an official mitigation recommendation on Friday, in which they called for the affected protocols to be blacklisted in order to stop Tinnes and Ormandy's publicly circulated exploit from working properly on Red Hat Enterprise Linux.
This article was originally posted on ZDNet UK.
Just In
Of course you don't have to worry about vulnerabilities that you don't know about.
The Linux crowd can worry about them and fix them because they are open for anybody to fix.
This is proof that the Linux way is safer than Windows.
The Linux crowd can worry about them and fix them because they are open for anybody to fix.
This is proof that the Linux way is safer than Windows.
This bug has been available for the many eyes to see for 8 years!!! In that time not a single person has noticed this error - well maybe lots did but didn't tell anyone. They could have been using this to exploit systems for years without anyone knowing. It has not proven Linux to be any safer at all!
I don't have to worry about linux vulnerabilities because I wouldn't trust linux in any environment. That makes me safer than any linux user.
I feel good as a matter of fact, now that you feel good about it...go play with your Windows other 57000 vulnerabilities!
Toodles
Toodles
This isn't like the remote code execution
vulnerabilities common to Windows.
You have to already have local access to use
this.
As in, physically be at the computer, or
convince somebody who is to run your malicious
code.
And guess what, lol? Even if this wasn't
the case, do you actually think that one
(fixed) vulnerability makes up for the
countless ones in windows? LOL!!
vulnerabilities common to Windows.
You have to already have local access to use
this.
As in, physically be at the computer, or
convince somebody who is to run your malicious
code.
And guess what, lol? Even if this wasn't
the case, do you actually think that one
(fixed) vulnerability makes up for the
countless ones in windows? LOL!!
To think all those people who used linux were saying how much more secure it was when its been vulnerable for years upon years, something any of us knew already and why we chose not to run it. Add on to this the whole telnet port being wide open and its amazing why anyone would voluntarily choose to use this OS.
This shows that when you have too many people messing with your code you will produce a shoddy product. Too many people are overlapping with the code and this vulnerability is exactly what happens. With linux its always compile, compile, compile! What a hassle.
This shows that when you have too many people messing with your code you will produce a shoddy product. Too many people are overlapping with the code and this vulnerability is exactly what happens. With linux its always compile, compile, compile! What a hassle.
which is good but it does raise some other points. OSS advocates bang on about how anyone can review the code which makes Linux more secure. If no one is helping co-ordinate all these code reviewers then what is stopping all these people looking at the same code over and over again. This has been there 8 years and no one has either looked, or had the skill to notice, this problem. This is a genuine question - Is the code marked with a last reviewed date as well as who reviewed it?
It is patched now..
The vulnerability exploited by Conficker was patched prior to Confickers release but we still, 10 months later, continue to see ABMers bring it up.
The vulnerability exploited by Conficker was patched prior to Confickers release but we still, 10 months later, continue to see ABMers bring it up.
Agreed that it is unacceptable for both, but also agree that both are patched and that we need to learn from the mistakes made rather than take pot shots or make excuses.
I think the reason you're seeing "pot shots" is due to the pot shots made by ABMers towards Microsoft.
Perhaps this incident will show that all software has bugs and some of those bugs will have security implications. Something that's been explained to the ABMers countless times yet they continue to ignore.
Perhaps this incident will show that all software has bugs and some of those bugs will have security implications. Something that's been explained to the ABMers countless times yet they continue to ignore.
But the main difference here between Linux and propriatary OSs is the people
who found the hole could also submit a patch for it. They didn't have to wait for
some third party to get around to updating.
who found the hole could also submit a patch for it. They didn't have to wait for
some third party to get around to updating.
its nice to be able to afford nice things. Why, I may even pay for two licenses of 7 and just let one sit on the shelf unopened for no better reason then just to have said that I did it.
"The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
"The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
... pay people to go around installing malware, disrupt standards and upgrading peoples machines from a relatively stable version of Windows to a newer less stable one.
Direct action, that's the key
Direct action, that's the key
I know the patch is there, but does Linux have a patch Tuesday? How are all of your netbook users (3% of them) going to update their systems? How are they notified? This is why Linux should never be used for a desktop OS. It takes a sysadmn who stays on top of these things to keep them running. A regular user cannot perform proper maintenance on a Linux box.
ignore.
You have obviously never used a Linux distribution otherwise you would understand what you said is completely false.
Linux does not have a patch Tuesday because Linux users do not feel that having to wait an arbitrary length of time for a fix to come is viable. Instead as soon as a patch is available it is patched. They are made immediately available in the repositories which means it is available to the user as soon as possible.
And also to point out if you've ever used Linux. You would know that updating and maintaining a Linux machine is trivial at best. Its sooooo difficult obviously to have to start Synaptic (Repository manager for Ubuntu), hit - Update and Upgrade. Done, viola, its over.
And I can't tell you how many workstations ive come across (windows) that have not been patched for literally a few years.
Does anyone want to take a guess at how many known Windows vulnerabilities there are existing for years? And it would be very ignorant and blind for you to say there aren't any... You don't know whats left unfixed when it comes to Windows because Microsoft does not tell you you're vulnerable.
You people here have to stop spewing the FUD that you've been bottle fed for years. Unless you have used Linux I don't believe you have the right to say Its difficult or insecure. And on that point, obviously having to spend thousands of dollars on security software (eg: AntiVirus) means Windows is more secure since Linux doesn't have any? Or does it mean that Linux doesn't need AntiVirus because does not have the massive amounts of exploitable issues that windows does. this is all semantics people.
No software is perfect. Least of all something as complex and comprehensive as an Operating System be it Mac, Windows, Linux, BSD. It doesn't matter.
Linux does not have a patch Tuesday because Linux users do not feel that having to wait an arbitrary length of time for a fix to come is viable. Instead as soon as a patch is available it is patched. They are made immediately available in the repositories which means it is available to the user as soon as possible.
And also to point out if you've ever used Linux. You would know that updating and maintaining a Linux machine is trivial at best. Its sooooo difficult obviously to have to start Synaptic (Repository manager for Ubuntu), hit - Update and Upgrade. Done, viola, its over.
And I can't tell you how many workstations ive come across (windows) that have not been patched for literally a few years.
Does anyone want to take a guess at how many known Windows vulnerabilities there are existing for years? And it would be very ignorant and blind for you to say there aren't any... You don't know whats left unfixed when it comes to Windows because Microsoft does not tell you you're vulnerable.
You people here have to stop spewing the FUD that you've been bottle fed for years. Unless you have used Linux I don't believe you have the right to say Its difficult or insecure. And on that point, obviously having to spend thousands of dollars on security software (eg: AntiVirus) means Windows is more secure since Linux doesn't have any? Or does it mean that Linux doesn't need AntiVirus because does not have the massive amounts of exploitable issues that windows does. this is all semantics people.
No software is perfect. Least of all something as complex and comprehensive as an Operating System be it Mac, Windows, Linux, BSD. It doesn't matter.
I don't know if you've used Linux, but on my Linux system, a message automatically pops up and tells me there are updates and upgrades available. A window lists all that are available along with descriptions of what each is for.
I don't even have to be aware of any problems - it just pops up and tells me.
Another advantage is that it takes care of both the OS as well as the programs installed on my system.
So... the people you were concerned about getting the update most likely not have to know it's there - they will be told to download and install it and they will.
I don't even have to be aware of any problems - it just pops up and tells me.
Another advantage is that it takes care of both the OS as well as the programs installed on my system.
So... the people you were concerned about getting the update most likely not have to know it's there - they will be told to download and install it and they will.
It is quite sad how the rules are different for Windows exploits. I had a quick look and it looks like they released the information about the exploit on the same day as the patch - that is one way to say you have a fast turnaround! If you look in the code you can see the exploit code was written on the 11th, the patch and the blog the 13th and the CVE wasn't published to the 14th. How long have they known about this before telling anyone?
"Hey look guys, we found an exploit, and look we patched it".
It's great they want to appear like they are quick at patching, but people like to know before hand that an exploit exists so they can work around it.
What about being open with information? I thought the whole point of OSS was the fact information and code was open to the community, no sneakyness? Too much to hope for?
It's great they want to appear like they are quick at patching, but people like to know before hand that an exploit exists so they can work around it.
What about being open with information? I thought the whole point of OSS was the fact information and code was open to the community, no sneakyness? Too much to hope for?
The link to the blog reporting this problem does a very good job of laying out exactly what the problem is, shows why it is a problem and provides links to the original code with bug and fixed code sans bug. Just because the author of this article didn't mention any of this doesn't mean it isn't there. Expecting every detail to be covered by every reporter is indeed too much to hope for on any subject.
Paste some Windows source code here ....
Can only be exploited by a local user. So if you are not sitting at the machine then you couldn't exploit it.
A local user could also take the side off the case pop the hard-drive out and open it up with a screwdriver and have full access to the drive.
While this particular obscure vulnerability appears to have been around for a few years there have been NO instances of people using the exploit. This is another example of a patch being released BEFORE an attack occured in the wild.
Please get a grip on reality. In the Windows world no-one would have bothered to report this type of thing because such things are tooo common. It's only because it happened in linux-land that it has any news value - because exploits are so incredibly rare in linux.
Keep your stick on the ice
Regards from
Tom
A local user could also take the side off the case pop the hard-drive out and open it up with a screwdriver and have full access to the drive.
While this particular obscure vulnerability appears to have been around for a few years there have been NO instances of people using the exploit. This is another example of a patch being released BEFORE an attack occured in the wild.
Please get a grip on reality. In the Windows world no-one would have bothered to report this type of thing because such things are tooo common. It's only because it happened in linux-land that it has any news value - because exploits are so incredibly rare in linux.
Keep your stick on the ice
Regards from
Tom
that it's not acceptable for Windows. Funny that you always seem to argue the other side of that. Glad you finally came on board.
Just want to ensure the ABMers are consistent.
should you not aim to meet or exceed the same bar you set for abmers?
If so, then you should either be admitting that it is not acceptable for Windows or you should be acknowledging that this is just as acceptable for Linux.
If so, then you should either be admitting that it is not acceptable for Windows or you should be acknowledging that this is just as acceptable for Linux.
So you admit...that it's not acceptable for Windows. Funny that you always seem to argue the other side of that. Glad you finally came on board.
That's odd, I can't remember ye ever arguing that it was acceptable for Windows. Can you point me to a post where he did?
That's odd, I can't remember ye ever arguing that it was acceptable for Windows. Can you point me to a post where he did?
And I quote... "Not acceptable for Windows. So it's not acceptable for Linux."
You were asked:
That's odd, I can't remember ye ever arguing that it was acceptable for Windows. Can you point me to a post where he did?
And you responded with:
Sure...it was in his subject line.
And I quote... "Not acceptable for Windows. So it's not acceptable for Linux."
So I ask again: Have you suffered a head injury lately?
That's odd, I can't remember ye ever arguing that it was acceptable for Windows. Can you point me to a post where he did?
And you responded with:
Sure...it was in his subject line.
And I quote... "Not acceptable for Windows. So it's not acceptable for Linux."
So I ask again: Have you suffered a head injury lately?
It hasn't made it through to all the distros yet.
And this one is a biggie because every single distro will have to patch every single supported version of their OS.
How many LAMP servers do you believe will be patched directly from the source tree? Nah. This one will plague LAMP sites for months to come, especially the discount shared hosts where patching is not always up to date.
And this one is a biggie because every single distro will have to patch every single supported version of their OS.
How many LAMP servers do you believe will be patched directly from the source tree? Nah. This one will plague LAMP sites for months to come, especially the discount shared hosts where patching is not always up to date.
We used to use hosted Linux servers and they were always weeks behind on there patching. The CMS chosen by the management, thinking they were saving money, was LAMP based and exploited twice. We brought it in house and took control of it but it is always having to be patched. The rest of our servers are IIS, asp.net and SQL and never had any issues at all.
Both Fedora and Debian at least were distributing patched kernels last weekend. And as it's a one line fix, I personally had patched all my machines by Saturday regardless.
Fortunately, as serious as this bug is, it's not a remote execution bug. So it's not enough by itself to compromise a LAMP server. Now as for schools full of untrustworthy users, that's a different story.
Fortunately, as serious as this bug is, it's not a remote execution bug. So it's not enough by itself to compromise a LAMP server. Now as for schools full of untrustworthy users, that's a different story.
EH - compiling to apply patches is bogus yes, but I still have to compile X-FI soundcard drivers for my Creative X-FI Xtrememusic card to work properly or even be detected. Granted its 2 lines, but making sure the dependencies and all that in there can be hell for the novice user.
isn't FOSS fantastic?
what good is the source if you can't compile it yourself to check for these sorts of bugs?
The only difference is that the source code has to be made available. You dont have to compile it yourself, but you are free to do so if youd like.
hence the term "Open SOURCE software". If you want it fixed you gotta look through the code and compile it yourself. That is what its there for, or so the linux fanboys told me.
when you talk about all this compiling. With the BSD's, they have a tight control over what binaries they will distribute, so if you make the fixes you have to compile yourself unless you feel like waiting for them to get off their behinds and make an issue out of it. With Linux, all you need is a proactive distro and they will compile the changes for you.
And even if you just made a quick patch and wanted to compile it yourself, odds are you are just compiling a module (I can't imagine anyone wanting SOCKS in the kernel proper). And that takes what, about 30 seconds from start to install?
And even if you just made a quick patch and wanted to compile it yourself, odds are you are just compiling a module (I can't imagine anyone wanting SOCKS in the kernel proper). And that takes what, about 30 seconds from start to install?
Is that its tightly controlled by a core team. So no rogue code like in this article can be submitted. Because there is a team the code gets reviewed much better instead of having a bunch of random developers submit whatever they want.
Of course we don't know about the thousands of undiscovered vulnerabilities in the Microsoft's source code - they're actually too scared to release it because they know full well that it is thrown together junk.
The availability of the source is how these things are discovered, hence the saying "Many eyes make all bugs shallow".
How many lines of Microsoft source code have YOU seen?
The compiler, for your educational purposes, is used primarily by the distro maintainers/packagers unless you CHOOSE to compile by hand or run Gentoo or similar.
Ok, I know already that that's gone RIGHT OVER your hollow head
How many lines of Microsoft source code have YOU seen?
The compiler, for your educational purposes, is used primarily by the distro maintainers/packagers unless you CHOOSE to compile by hand or run Gentoo or similar.
Ok, I know already that that's gone RIGHT OVER your hollow head
In August alone Microsoft had to patch five critical vulnerabilities in Windows. Windows usually has at least two or three critical vulnerabilities patched every month.
Most Linux distros don't include Telnet clients. What is your source for that claim?
Most Linux distros don't require any compiling to apply patches. What is your source for that claim?
Oh, and here is the source for my claim about those Windows vulnerabilities.
http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx
Most Linux distros don't include Telnet clients. What is your source for that claim?
Most Linux distros don't require any compiling to apply patches. What is your source for that claim?
Oh, and here is the source for my claim about those Windows vulnerabilities.
http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx
No matter how many times you say it, its just not true. Linux has updates daily! Its always patch patch patch, causing more downtime than necessary. With that many patches a week, it is far from secure. And yes it does have telnet installed, I've seen it.
Again, what is your source for those claims?
I didn't send you to Microsoft's homepage, I provided a link to a specific security bulletin. If you want to prove your point you'll have to provide the same level of detail.
Now, tell me, where on those pages does it say that Linux needs to be updated daily?
Where does it say that Linux has more downtime?
Where does it say that Ubuntu comes with telnet preinstalled?
Now, tell me, where on those pages does it say that Linux needs to be updated daily?
Where does it say that Linux has more downtime?
Where does it say that Ubuntu comes with telnet preinstalled?
You asked for information, I provided it. I'm not here to prove a point. I'm not here to get into some penis size contest with you either. I'm here to spread the truth about linux and its many many flaws. Its the same thing I've always done. You can either accept the information I gave you or live in denial.
I asked for information specifically regarding the claims you made, which you failed to provide.
Why do you make wild accusations that you are unwilling or unable to prove?
It took me all of two minutes to find out that Ubuntu doesn't include a telnet client, and another two minutes to find out how many patches Microsoft released this month.
Proof is easy to find, when it exists.
Why do you make wild accusations that you are unwilling or unable to prove?
It took me all of two minutes to find out that Ubuntu doesn't include a telnet client, and another two minutes to find out how many patches Microsoft released this month.
Proof is easy to find, when it exists.
Join the conversation!
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Vendor Showcase
Facebook Activity
