Author Topic: New Linux Security Hole Found  (Read 531 times)

sime

  • Member
  • **
  • Posts: 242
  • Kudos: 4
    • http://www.azuro.com
New Linux Security Hole Found
« on: 17 June 2004, 19:42 »
Hopefully a patch will be available soon!

http://www.zone-h.com/en/news/read/id=4289/

When it is DON'T be a Windowz user ... apply it!

Sime
==================================================
If Linux doesn't have the solution, you have the wrong problem.
   
         Sime@04
==================================================

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
New Linux Security Hole Found
« Reply #1 on: 17 June 2004, 20:05 »
It will be fixed by tomorrow I'd say.
Contains scenes of mild peril.

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
New Linux Security Hole Found
« Reply #2 on: 17 June 2004, 22:46 »
This has been out for several days.  I think the fixes are folded into the prepatch for 2.4.26 and in 2.6.7.  

However, to put this in perspective, this isn't so bad as far as holes go.  It only allows a user to crash the system.  You can't root the box with it.

A simple workaround exists for a multiuser box with untrusted users:   make sure user-writable partitions are mounted noexec.  

If you are a sole user, and your box isn't a server that other people depend on, you really don't even have to upgrade your kernel.  I'm not going to update the kernel on my personal machine, and I take my security very seriously.

Who this affects most is boxes with more than one user, and with untrusted users.  For example, a Linux machine at a large university that students can ssh into or a corporate server.
In brightest day, in darkest night, no evil shall escape my sight....