On mySimon: Three Colors Trilogy
BNET Business Network:
BNET
TechRepublic
ZDNet
125 TalkBacks

By Robert Lemos
Posted on ZDNet News: Jun 16, 2004 12:24:00 AM

Linux users have been urged to fix a flaw in the core component of the open-source operating system, following the public release of code that could be used to crash Linux systems.


Get Up to Speed on...
Open source
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The flaw, found by two software programmers, could give a user with access to a Linux system the ability to crash the system using two dozen lines of code written in the C programming language, said an advisory posted over the weekend on linuxreviews.

"Assume your kernel is (vulnerable) unless you have good reason to believe it is safe," Oyvind Saether, one of the discoverers of the flaw, said in the advisory.

The program, dubbed "evil.c," causes problems with the code sent to the floating-point unit, the part of the processor that handles noninteger calculations, according to a note in a source code patch published by Linux founder Linus Torvalds.

Click here to Play

Are security companies ahead of hackers?

The open-source Linux operating system has fallen prey to its share of flaws and attacks this year. Several flaws were found in the Concurrent Versions System, CVS, a commonly used application for managing open-source code under development. In March and April, online attackers targeted Linux and Solaris systems at many academic high-performance computing centers.

Researchers also found flaws in the OpenSSL software used by many Linux distributions to enable secure Internet communications.

On Monday, staffers associated with Red Hat's community-based distribution, Fedora, released an update to Fedora Core 2, to fix the latest problem. The kernel patch has also been included in the latest release candidate of the Linux kernel, 2.6.7-RC3, which is expected to be released soon.

Other distributions of Linux should be fixed this week as well.

Andrew Morton, the maintainer of the Linux 2.6 kernel, promised a fix within 48 hours and said the flaw was not very serious.

"Bugs wherein local users can lock the machine up are not uncommon, and local users have always been able to bring a machine to its knees anyway--say, by using up all the memory," he said.

Morton said the discoverers of the flaw didn't give the kernel team any notice before releasing the code to take advantage of the problem--a no-no in the security community.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 125 Talkback(s)
Better Article On The Subject
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html... (Read the rest)
Posted by: linux_user Posted on: 06/19/04 You are currently: a Guest | | Terms of Use
Flaw pops up in Linux kernel  Loverock Davidson | 06/15/04
I should warn you  Arrg | 06/15/04
Why?  Martin Marvinski | 06/16/04
Loserock can be funny though  Mike Hunt | 06/16/04
OTOH  kray_z | 06/16/04
Funny..  d_jedi | 06/16/04
BSOD  Martin Marvinski | 06/16/04
Or,  Spoon Jabber | 06/16/04
Actually I've found it to be.. BSOD..reboot..  Arrg | 06/16/04
funnier  Arrg | 06/16/04
This is why people SHOULD use Linux  Michael Kelly | 06/16/04
Common mistake!  ShadeTree | 06/16/04
Oh I agree  Michael Kelly | 06/16/04
Of...  Martin Marvinski | 06/16/04
Level's of availability  PA-ITGuy | 06/16/04
Quite true  Michael Kelly | 06/16/04
Patches and Story Flaws  theKid_z | 06/16/04
Ummm...yeah, as a matter of fact...  dj_45_cal | 06/16/04
But they are using Linux more and more...  rinaldo | 06/16/04
Ready to fire clue-by-four between the eyes  Spin_Masterz | 06/15/04
no it isn't.  JoeMama_z | 06/15/04
Sam, what?  Richard Flude | 06/15/04
are you suggesitng  zijiang | 06/15/04
My point is windows shouldn't be mentioned  Richard Flude | 06/15/04
if i were admining it.....  JoeMama_z | 06/16/04
Really? So MS has fundamentally redesigned their WIN32  Richard Flude | 06/16/04
I understand that i may not be able to close security holes...  JoeMama_z | 06/18/04
double standard  zijiang | 06/15/04
So is their damn IE and now their WMP part of the OS or not????  Spin_Masterz | 06/15/04
Phoney arguement  ShadeTree | 06/16/04
Not true...  Martin Marvinski | 06/16/04
P.S.  Martin Marvinski | 06/16/04
you could patch your system manually....  JoeMama_z | 06/16/04
Correct me if I'm wrong...  Michael Kelly | 06/16/04
Michael...  JoeMama_z | 06/16/04
But...  Martin Marvinski | 06/16/04
Marvin.....  JoeMama_z | 06/16/04
A hypochrite is someone....  ShadeTree | 06/16/04
re: A hypochrite is someone....  Iain_Peters | 06/16/04
RE: Lain_Peters  ShadeTree | 06/16/04
No Linux has not  Linux User 147560 | 06/15/04
Not remotely exploitable bunk!  ShadeTree | 06/16/04
Root not needed  PA-ITGuy | 06/16/04
Re: Not remotely ...  Iain_Peters | 06/16/04
Convenient definition  ShadeTree | 06/16/04
re: Convenient definition  Iain_Peters | 06/16/04
Fine, let me clarify  Linux User 147560 | 06/16/04
that is because  doh123 | 06/16/04
That's how MS sets it up.  Martin Marvinski | 06/16/04
you misunderstanding...  ryusen | 06/16/04
Knock yourself out...  Fred Fredrickson | 06/16/04
Kernel flaw  PA-ITGuy | 06/16/04
I agree completely  Michael Kelly | 06/16/04
old news..  +-Chris-+ | 06/15/04
Those of you patching raise your hands.  doe_z | 06/15/04
Given that Linux 2.6.7 is now available...  Zogg | 06/16/04
I will... but I'm a desktop user  Michael Kelly | 06/16/04
actually  neil ubich | 06/16/04
Fixed and found by users with access to source code.  Xunil_Sierutuf | 06/16/04
counterpoint  PA-ITGuy | 06/16/04
but his point still stands...  ryusen | 06/16/04
?-o  Expatriate US Geek | 06/16/04
Ooops.....  Expatriate US Geek | 06/16/04
Linux kernel full of bugs !!!  Ardian Daka | 06/16/04
It's news when Linux has a flaw, It's expected with Windows  km4hr@... | 06/16/04
Almost...  Michael Kelly | 06/16/04
Not actually!  ShadeTree | 06/16/04
2 reasons why they get reported over and over  Michael Kelly | 06/16/04
Actual data shows....  ShadeTree | 06/16/04
Very Interesting. I'd like to see the actual data.  el1jones | 06/16/04
Care to share that data with us?  Michael Kelly | 06/16/04
Including those decade old flaws?  rpmyers1 | 06/16/04
Name ONE?  Da-Man | 06/16/04
Shatter  rpmyers1 | 06/16/04
Okay, name TWO...Okay, THREE...........Okay, name ONE HUNDRED SEVENTY-NINE.  Linux_Developer | 06/16/04
The data  ShadeTree | 06/16/04
Some quotes from the original article  Michael Kelly | 06/16/04
My points exactly  ShadeTree | 06/16/04
re: Shadetree  Iain_Peters | 06/16/04
re: Shadetree  ryusen | 06/16/04
Whereas with Linux...  Martin Marvinski | 06/16/04
For a fair  michael-t | 06/18/04
True, but that was a bad approach.  Linux_Developer | 06/16/04
Get it right ZDNET  LongShipUser | 06/16/04
You have to wonder who rights this stuff...  el1jones | 06/16/04
Vulnerabilities, Attacks, and Intrusions  Da-Man | 06/16/04
What?!?  Linux_Developer | 06/16/04
That is the Facts...  Da-Man | 06/16/04
Are you Bitty in another nick?  Iain_Peters | 06/16/04
Open-source model is still a Security Risk  Da-Man | 06/16/04
The OPen Source model has already proved correct  Iain_Peters | 06/16/04
I don't have an Agenda...  Da-Man | 06/16/04
OK, that's a lot better  Linux_Developer | 06/16/04
Quite Funny...  Da-Man | 06/16/04
that is not a flaw in the open source model...  ryusen | 06/16/04
What about Hidden Exploit Code  Da-Man | 06/16/04
Let's think about that really hard...  Linux User 147560 | 06/16/04
See for you self  michael-t | 06/17/04
Less than half right  jd3_z | 06/16/04
half right  PA-ITGuy | 06/16/04
RE; half right  Iain_Peters | 06/16/04
Wow. they do read their links well  Iain_Peters | 06/16/04
Linux Bugs: Friends don't let Friends use Linux  samp_z | 06/16/04
re: Linux Bugs: Friends don't let Friends use Linux  Iain_Peters | 06/16/04
If you were my friend  Linux User 147560 | 06/16/04
Best Fix...  LongShipUser | 06/17/04
"But there is a fix"  rkadowns | 06/16/04
Ah yes, Microsoft supporters again.  Linux_Developer | 06/16/04
That wouldnt suprise me!  willtisdale@... | 06/16/04
I was only joking. And that post wasn't aimed at you.  Linux_Developer | 06/16/04
Windows Users???? (Try Switching To Linux)  willtisdale@... | 06/16/04
"Actually, Linux may not be all that great, but MS sure stinks!"  Linux_Developer | 06/16/04
Ok, I went a bit too far. (Sorry!)  willtisdale@... | 06/16/04
What?!?!  PA-ITGuy | 06/16/04
?!? (Too Tired)  willtisdale@... | 06/16/04
PS:  PA-ITGuy | 06/16/04
Unpatched Systems  willtisdale@... | 06/16/04
Also...  Linux_Developer | 06/16/04
Re: Also  willtisdale@... | 06/16/04
Daft Question! (Viruses)  willtisdale@... | 06/16/04
Read young padwan learner...  Linux User 147560 | 06/16/04
Thanks  willtisdale@... | 06/16/04
I havn't had a Blue Screen...  JoeMama_z | 06/16/04
It's those darn Microsoft coders  FilledOut | 06/18/04
Better Article On The Subject  linux_user | 06/19/04

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads