Click Here
home features news forums classifieds faqs links search
6092 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
75 crawler(s) on-line.
 12 guest(s) on-line.
 1 member(s) on-line.


 DiscreetFX

You are an anonymous user.
Register Now!
 DiscreetFX:  1 min ago
 agami:  6 mins ago
 ed:  33 mins ago
 amigang:  1 hr 22 mins ago
 freak:  1 hr 54 mins ago
 Trekiej:  2 hrs 40 mins ago
 _ThEcRoW:  3 hrs 42 mins ago
 Rob:  4 hrs 7 mins ago
 kolla:  5 hrs 6 mins ago
 matthey:  5 hrs 57 mins ago

News   News : Critical Linux flaw found
   posted by DaveyD on 7-Jan-2004 9:04:17 (2399 reads)
Security researchers are again warning about a critical vulnerability in the Linux kernel, which could be used by malicious hackers to take control of Linux systems.

IDG reports that ISEC Security Research found the hole in code used to manage virtual memory on Linux systems. It affects versions of the kernel up to and including version 2.6, and would give low-level Linux users total control over a Linux system.
    

Related Links
· More about News
· News by DaveyD


Most read story about News
AmigaOS 4.0 Status Report

Last news about News
Interview of Gianluca Girelli
Printer Friendly Page  Send this Story to a Friend

PosterThread
jack 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 10:41:49
#1 ]
Cult Member
Joined: 19-Aug-2003
Posts: 650
From: Israel

Hi DaveyD,

Is there prointer to url?

TIA,
Jack


_________________

"the expression, 'atonal music,' is most unfortunate--it is on a par with calling flying 'the art of not falling,' or swimming 'the art of not drowning.'. A. Schoenberg

 Status: Offline
Profile     Report this post  
Toaks 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 11:27:13
#2 ]
Elite Member
Joined: 10-Mar-2003
Posts: 8042
From: amigaguru.com

funny ####..., looks like nothing is "THE BEST" anymore, time to unplug that modem/network card for you all ...

:)


_________________
See my blog and collection website! . https://www.blog.amigaguru.com

 Status: Offline
Profile     Report this post  
MikeB 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 11:52:18
#3 ]
Elite Member
Joined: 3-Mar-2003
Posts: 6487
From: Europe

@ jack

I read an article about this at Devicetop as well.

 Status: Offline
Profile     Report this post  
Anonymous 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 13:01:12
# ]



Seems there's updates for this already:

Summary:
Updated kernel resolves security vulnerability

Updated kernel packages are now available that fix a security
vulnerability which may allow local users to gain root privileges.

Description:
The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux
kernel versions 2.4.23 and previous which may allow a local attacker to
gain root privileges. No exploit is currently available; however, it is
believed that this issue is exploitable (although not trivially.) The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0985 to this issue.

All users are advised to upgrade to these errata packages, which contain a
backported security patch that corrects this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing this
issue as well as Andrea Arcangeli and Solar Designer for working on the patch.

These packages also contain a fix for a minor information leak in the real
time clock (rtc) routines. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

We have provided kernel updates for Red Hat Linux 7.1-8.0 with this
advisory as these were prepared by us prior to December 31 2003. Please
note that Red Hat Linux 7.1, 7.2, 7.3, and 8.0 have reached their end of
life for errata support and no further errata will be issued for those
distributions.

 
     Report this post  
Legion 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 16:27:55
#5 ]
Cult Member
Joined: 21-Apr-2003
Posts: 820
From: Fargo, ND, USA

Yeah, its already patched. Now, if you were M$, you'd just ignore it and keep working on your method for putting DRM technology into coffee makers and toaster ovens


_________________
...wait... what?

 Status: Offline
Profile     Report this post  
shoe 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 18:22:12
#6 ]
Super Member
Joined: 14-Sep-2003
Posts: 1585
From: Gothenburg, Sweden

I just wanted to say that although this is quite ot it's still really nice that it's posted on aw. That way this can be my one and only newssource. Imagine no to be forced to surf around for an hour or more to satisfy my newsfeedneed

Yeh, I might even discontinue bugtraq

/shoe

 Status: Offline
Profile     Report this post  
jack 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 20:47:03
#7 ]
Cult Member
Joined: 19-Aug-2003
Posts: 650
From: Israel

@ MikeB

10X.

AFAIU, seems 2b no threat to system with sshd/telnetd/ftpd being the only listening services.

Jack


_________________

"the expression, 'atonal music,' is most unfortunate--it is on a par with calling flying 'the art of not falling,' or swimming 'the art of not drowning.'. A. Schoenberg

 Status: Offline
Profile     Report this post  
jack 
Re: Critical Linux flaw found
Posted on 7-Jan-2004 20:52:18
#8 ]
Cult Member
Joined: 19-Aug-2003
Posts: 650
From: Israel

Did anyone find the pacth? I recall there was patch in mmap.c. I guess this is different one (the memremap function seems to be in the same dir in kernel source tree).

TIA,
Jack


_________________

"the expression, 'atonal music,' is most unfortunate--it is on a par with calling flying 'the art of not falling,' or swimming 'the art of not drowning.'. A. Schoenberg

 Status: Offline
Profile     Report this post  
Tomas 
Re: Critical Linux flaw found
Posted on 9-Jan-2004 3:21:29
#9 ]
Elite Member
Joined: 25-Jul-2003
Posts: 4286
From: Unknown

I believe that this exploit is local only, so the person gotta have atleast an username on the box, if he should be able to do any harm.

 Status: Offline
Profile     Report this post  
[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle