/>
X
Business

Remote buffer overflow bug bites Linux Kernel

A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.
Written by Ryan Naraine, Contributor on
A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.

This from the Gentoo bug report:

  • Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

Secunia rates this a "moderately critical" vulnerability:

  • The vulnerability is caused due to a boundary error in the ndiswrapper kernel driver when processing wireless network packets. This can be exploited to cause a buffer overflow via an overly long ESSID (Extended Service Set Identifier). Successful exploitation may allow execution of arbitrary code.

The vulnerability (CVE-2008-4395) affects Linux Kernel 2.6.27.   As a temporary mitigation, Linux users should disable wireless network card that are not in use.

Editorial standards

Related

These are my 5 must-have devices for work travel now
ipad-mini-firewalla-purple-macbook-air

These are my 5 must-have devices for work travel now

Twitter turns its back on open-source development
elon-musk-twitter

Twitter turns its back on open-source development

Southwest, United, and American Airlines have a new enemy -- the internet's ugliest site
Airplane wing in flight

Southwest, United, and American Airlines have a new enemy -- the internet's ugliest site