On TV.com: BATTLESTAR Galactica Maxim Photoshoot
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 43 of 125:
Next »
« Previous
Root not needed
From the much better article on eWeek.
http://www.eweek.com/article2/0,1759,1612384,00.asp


"Using this exploit to crash Linux systems requires the (ab)user to have shell access or other means of uploading and running the program?like cgi-bin and FTP access," reports the discoverer, ?yvind S?ther.


"The program works on any normal user account, and root access is not required," S?ther reported.

IF someone has remote access to the system, yes it's remotely exploitable. Fine line there but burying your head in the sand and saying 'big deal, not going to affect me' doesn't improve the overall security of the system. The fact that the remote user needs no special permissions to take down the system IS a big deal. Granted, your average desktop user sitting behind a firewall isn't going to be too concerned, unless someone tricks them into installing and running the code with some socially engineered email. But who would bother...

Now the average Linux server admin may want to take this a little more serious. It's not a gaping hole, but nothing to ignore either.
Posted by: PA-ITGuy   Posted on: 06/16/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Flaw pops up in Linux kernel  Loverock Davidson | 06/15/04
I should warn you  Arrg | 06/15/04
Why?  Martin Marvinski | 06/16/04
Loserock can be funny though  Mike Hunt | 06/16/04
OTOH  kray_z | 06/16/04
Funny..  d_jedi | 06/16/04
BSOD  Martin Marvinski | 06/16/04
Or,  Spoon Jabber | 06/16/04
Actually I've found it to be.. BSOD..reboot..  Arrg | 06/16/04
funnier  Arrg | 06/16/04
This is why people SHOULD use Linux  Michael Kelly | 06/16/04
Common mistake!  ShadeTree | 06/16/04
Oh I agree  Michael Kelly | 06/16/04
Of...  Martin Marvinski | 06/16/04
Level's of availability  PA-ITGuy | 06/16/04
Quite true  Michael Kelly | 06/16/04
Patches and Story Flaws  theKid_z | 06/16/04
Ummm...yeah, as a matter of fact...  dj_45_cal | 06/16/04
But they are using Linux more and more...  rinaldo | 06/16/04
Ready to fire clue-by-four between the eyes  Spin_Masterz | 06/15/04
no it isn't.  JoeMama_z | 06/15/04
Sam, what?  Richard Flude | 06/15/04
are you suggesitng  zijiang | 06/15/04
My point is windows shouldn't be mentioned  Richard Flude | 06/15/04
if i were admining it.....  JoeMama_z | 06/16/04
Really? So MS has fundamentally redesigned their WIN32  Richard Flude | 06/16/04
I understand that i may not be able to close security holes...  JoeMama_z | 06/18/04
double standard  zijiang | 06/15/04
So is their damn IE and now their WMP part of the OS or not????  Spin_Masterz | 06/15/04
Phoney arguement  ShadeTree | 06/16/04
Not true...  Martin Marvinski | 06/16/04
P.S.  Martin Marvinski | 06/16/04
you could patch your system manually....  JoeMama_z | 06/16/04
Correct me if I'm wrong...  Michael Kelly | 06/16/04
Michael...  JoeMama_z | 06/16/04
But...  Martin Marvinski | 06/16/04
Marvin.....  JoeMama_z | 06/16/04
A hypochrite is someone....  ShadeTree | 06/16/04
re: A hypochrite is someone....  Iain_Peters | 06/16/04
RE: Lain_Peters  ShadeTree | 06/16/04
No Linux has not  Linux User 147560 | 06/15/04
Not remotely exploitable bunk!  ShadeTree | 06/16/04
Root not needed  PA-ITGuy | 06/16/04
Re: Not remotely ...  Iain_Peters | 06/16/04
Convenient definition  ShadeTree | 06/16/04
re: Convenient definition  Iain_Peters | 06/16/04
Fine, let me clarify  Linux User 147560 | 06/16/04
that is because  doh123 | 06/16/04
That's how MS sets it up.  Martin Marvinski | 06/16/04
you misunderstanding...  ryusen | 06/16/04
Knock yourself out...  Fred Fredrickson | 06/16/04
Kernel flaw  PA-ITGuy | 06/16/04
I agree completely  Michael Kelly | 06/16/04
old news..  +-Chris-+ | 06/15/04
Those of you patching raise your hands.  doe_z | 06/15/04
Given that Linux 2.6.7 is now available...  Zogg | 06/16/04
I will... but I'm a desktop user  Michael Kelly | 06/16/04
actually  neil ubich | 06/16/04
Fixed and found by users with access to source code.  Xunil_Sierutuf | 06/16/04
counterpoint  PA-ITGuy | 06/16/04
but his point still stands...  ryusen | 06/16/04
?-o  Expatriate US Geek | 06/16/04
Ooops.....  Expatriate US Geek | 06/16/04
Linux kernel full of bugs !!!  Ardian Daka | 06/16/04
It's news when Linux has a flaw, It's expected with Windows  km4hr@... | 06/16/04
Almost...  Michael Kelly | 06/16/04
Not actually!  ShadeTree | 06/16/04
2 reasons why they get reported over and over  Michael Kelly | 06/16/04
Actual data shows....  ShadeTree | 06/16/04
Very Interesting. I'd like to see the actual data.  el1jones | 06/16/04
Care to share that data with us?  Michael Kelly | 06/16/04
Including those decade old flaws?  rpmyers1 | 06/16/04
Name ONE?  Da-Man | 06/16/04
Shatter  rpmyers1 | 06/16/04
Okay, name TWO...Okay, THREE...........Okay, name ONE HUNDRED SEVENTY-NINE.  Linux_Developer | 06/16/04
The data  ShadeTree | 06/16/04
Some quotes from the original article  Michael Kelly | 06/16/04
My points exactly  ShadeTree | 06/16/04
re: Shadetree  Iain_Peters | 06/16/04
re: Shadetree  ryusen | 06/16/04
Whereas with Linux...  Martin Marvinski | 06/16/04
For a fair  michael-t | 06/18/04
True, but that was a bad approach.  Linux_Developer | 06/16/04
Get it right ZDNET  LongShipUser | 06/16/04
You have to wonder who rights this stuff...  el1jones | 06/16/04
Vulnerabilities, Attacks, and Intrusions  Da-Man | 06/16/04
What?!?  Linux_Developer | 06/16/04
That is the Facts...  Da-Man | 06/16/04
Are you Bitty in another nick?  Iain_Peters | 06/16/04
Open-source model is still a Security Risk  Da-Man | 06/16/04
The OPen Source model has already proved correct  Iain_Peters | 06/16/04
I don't have an Agenda...  Da-Man | 06/16/04
OK, that's a lot better  Linux_Developer | 06/16/04
Quite Funny...  Da-Man | 06/16/04
that is not a flaw in the open source model...  ryusen | 06/16/04
What about Hidden Exploit Code  Da-Man | 06/16/04
Let's think about that really hard...  Linux User 147560 | 06/16/04
See for you self  michael-t | 06/17/04
Less than half right  jd3_z | 06/16/04
half right  PA-ITGuy | 06/16/04
RE; half right  Iain_Peters | 06/16/04
Wow. they do read their links well  Iain_Peters | 06/16/04
Linux Bugs: Friends don't let Friends use Linux  samp_z | 06/16/04
re: Linux Bugs: Friends don't let Friends use Linux  Iain_Peters | 06/16/04
If you were my friend  Linux User 147560 | 06/16/04
Best Fix...  LongShipUser | 06/17/04
"But there is a fix"  rkadowns | 06/16/04
Ah yes, Microsoft supporters again.  Linux_Developer | 06/16/04
That wouldnt suprise me!  willtisdale@... | 06/16/04
I was only joking. And that post wasn't aimed at you.  Linux_Developer | 06/16/04
Windows Users???? (Try Switching To Linux)  willtisdale@... | 06/16/04
"Actually, Linux may not be all that great, but MS sure stinks!"  Linux_Developer | 06/16/04
Ok, I went a bit too far. (Sorry!)  willtisdale@... | 06/16/04
What?!?!  PA-ITGuy | 06/16/04
?!? (Too Tired)  willtisdale@... | 06/16/04
PS:  PA-ITGuy | 06/16/04
Unpatched Systems  willtisdale@... | 06/16/04
Also...  Linux_Developer | 06/16/04
Re: Also  willtisdale@... | 06/16/04
Daft Question! (Viruses)  willtisdale@... | 06/16/04
Read young padwan learner...  Linux User 147560 | 06/16/04
Thanks  willtisdale@... | 06/16/04
I havn't had a Blue Screen...  JoeMama_z | 06/16/04
It's those darn Microsoft coders  FilledOut | 06/18/04
Better Article On The Subject  linux_user | 06/19/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline