Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

**phoronix** · 02-25-2013, 01:50 PM

Phoronix: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code...

http://www.phoronix.com/vr.php?view=MTMxMTg

**Cthulhux** · 02-25-2013, 01:59 PM

Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.

**dee.** · 02-25-2013, 01:59 PM

Glad I'm still on 3.2.

**TheBlackCat** · 02-25-2013, 02:02 PM

Originally Posted by Cthulhux

Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.

You don't think these sorts of things happen all the time on closed-source operating systems? The fact that local privilege escalation and DOS attacks are even news on Linux systems when most of the big concerns on windows are remote security exploits shows just how much more secure Linux is.

**leonmaxx** · 02-25-2013, 02:04 PM

I hope that this bug will be fixed asap.

**dee.** · 02-25-2013, 02:04 PM

Originally Posted by Cthulhux

Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.

Oh go away windows troll. On windows, this would have been hidden for 6 months (or longer) until some worm or trojan would exploit it and build a botnet, then microsoft would have conspired with FBI to arrest foreign citizens and confiscate their property just to get one botnet shut down, whose existence was their fault anyway, and then maybe in a couple of weeks, one beautiful patch tuesday, a fix might be posted...

At least on linux, when a vulnerability is found, it gets fixed snappily. With linux, the exploits are usually found BEFORE they get to be exploited.

Oh and before you get all "i use mac, not windows", I don't care, they're interchangeable to me. Mapplesoft, mipple, just different sides of the same shitty coin.

**gamerk2** · 02-25-2013, 02:58 PM

"An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."

...A Buffer Overflow attack? Really?

Seriously people: Bounds checking.

**JS987** · 02-25-2013, 03:04 PM

http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
It is obvious that there is range check missing for user sent data.
This bug is present because developers
1. inserted security hole intentionally
2. are retards

**Detructor** · 02-25-2013, 03:31 PM

Originally Posted by JS987

http://git.kernel.org/?p=linux/kerne...295cc212e6bc32
It is obvious that there is range check missing for user sent data.
This bug is present because developers
1. inserted security hole intentionally
2. are retards

they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.

**johnc** · 02-25-2013, 03:39 PM

Originally Posted by Detructor

they should port the whole kernel to C#/.NET. There you got a nice garbage collector and don't have to worry about strange things like pointers and a buffer/memoryoverflow get's a nice exception.

ok, but seriously...someone should implement a background garbage collector and some meta-error handling in C and C++. That'd get rid of those 'security holes' instantely.

I was just going to say that C has got to be the worst language imaginable.

Thread: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Thread Tools

Search Thread

Display

Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Posting Permissions