Holes found in Linux Ubuntu kernel

Almost 40 vulnerabilities have been discovered in the kernel of Linux Ubuntu 10.04, also known as Lucid Lynx, which is a long-term support version of the operating system.

The holes, which allow remote and local exploits, also apply to corresponding versions of Kubuntu, Edubuntu and Xubuntu. The vulnerabilities include an issue with the way the Common Internet File System (CIFS) validates Internet Control Message Protocol (ICMP) response packets. The issue allows an attacker to send crafted packets that cause a denial of service. In addition, a hole in the way Network File System v4 (NFSv4) handles certain write requests allows malicious users to craft traffic to gain root privileges.

"If you block ICMP you will get UDP (User Datagram Protocol) trouble because it does not have reliability built into it. You will get ICMP messages back," Securus Global researcher Declan Ingram said. "Being able to cause a kernel panic with an ICMP unreachable message is bad."

For more on this story, read Ubuntu peppered with holes on ZDNet Australia.

Darren Pauli

Talkback

36 comments
  • RE: Holes found in Linux Ubuntu kernel

    ...and they have *already been fixed*, and download packages are already coming down with the system updater.
    TriangleDoor
    • RE: Holes found in Linux Ubuntu kernel

      @TriangleDoor Doesn't make such a good story then does it? I don't think you understand what ZDNet are trying to do here...
      jeremychappell
      • RE: Holes found in Linux Ubuntu kernel

        @jeremychappell

        Oh, I do. The ZDNet Australia story mentioned that they'd been fixed, although it manages to invite the reader to characterize the fixes as "onerous." The ZDNet America story is even more yellow in that it fails to mention the updates. Such coverage is *exactly* what we expect from this venue under its current ownership and management.
        TriangleDoor
    • So what the story is actually saying

      @TriangleDoor
      is that they knew about the vulnerabilities for a while and didn't tell users how to protect themselves in the interim.
      Will Farrell
      • RE: Holes found in Linux Ubuntu kernel

        @Will Farrell No, Ubuntu has an update procedure that would be very familiar to users of Mac OS X or Windows. They have a really strong track record of issuing patches. I'm afraid this is just trying to make something out of nothing. It's sad really as it makes sensible debate less likely and pointless fanboy flamewars inevitable.
        jeremychappell
      • RE: Holes found in Linux Ubuntu kernel

        @Will Farrell I agree with jeremychappell... this is something out of nothing!!! Every OS has these types of issues and will always need patches. We cannot continue to knock OSX and Windows because of the same thing... All OS's by design will have these problems. Just do your best to protect your neck!!!!
        apetti
    • Guys, it is ZDNet's duty to report on security issues in Ubuntu / Linux,

      even if they have been fixed. Just relax, the truth about the severity, etc, will come out.
      DonnieBoy
      • RE: Holes found in Linux Ubuntu kernel

        @DonnieBoy

        Funny, you can't wait to jump down the throat of MS if there was something patched . . .
        mgaul
    • Someone (ZDNet) must have been asleep!

      @TriangleDoor

      Not only have these updates been available, the kernel version referred to in the ZDNet.au article has been replaced.

      According to Synaptic, for the 2.6.35-25 kernel, the latest update is 2.6.35-25.45; *and currently I am using the 2.6.32-29.58 kernel*.

      *IOW - OLD NEWS!!!!*
      fatman65535
  • RE: Holes found in Linux Ubuntu kernel

    What version of kernel? Lucid Lynx comes with 2.6.32, and you can install a newer one; I have 2.6.34.
    d.marcu
  • This is a non-issue

    Just update to the most recent kernel and you're safe.
    Michael Alan Goff
    • LOL! Of course it's a non-issue.

      @goff256: "This is a non-issue

      Just update to the most recent kernel and you're safe."

      However if the discussion were about Windows it would be yet another example of how bug ridden Windows is. Hypocrisy at its finest.
      ye
      • If this were a topic about Windows

        I would say the same thing.

        I know, I have.
        Michael Alan Goff
      • Somehow I don't think you would.

        @goff256: "If this were a topic about Windows
        I would say the same thing."

        I don't see you anywhere to be found in the "MS Patch Tuesday heads-up: Critical flaws in Windows, Office" talkbacks saying the same thing. As a matter of fact I don't see you having posted there at all.
        ye
      • These past couple of weeks

        I have been kind of shy about posting to Microsoft threads, since I have a stalker named Search & Destroy who sees it fit to respond to almost any of my topics.
        Michael Alan Goff
      • RE: Holes found in Linux Ubuntu kernel

        @goff256
        You did post several comments.
        Microsoft Patch Tuesday: The bottom line, December 14, 2010, 1:01pm PST
        daikon
      • How do you find those?

        And what did I say?

        It's been a LOOONG time since I said whatever it is I said. XD
        Michael Alan Goff
      • RE: Holes found in Linux Ubuntu kernel

        @goff256
        Search: Microsoft Patch Tuesday
        Your comments back then are in line with what you wrote above.
        daikon
  • Guys, everybody relax, it is ZDNet's duty to report on Ubuntu / Linux. When

    we have more information on this, we will be in a better position to say how serious it was.
    DonnieBoy
    • Yeah, but I just wanted to make sure it was known

      The patch is out, just download it.
      Michael Alan Goff