New Linux Kernel Crash-Exploit Discovered
A bug lets a simple C program crash the Linux kernel, effectively locking the whole system. Affects both 2.4.2x and 2.6.x kernels on the x86 architecture.
Source: Linux Reviews
This has been wreaking havoc on many online shell access providers lately too. -KF
This bug is confirmed to be present when the code is compiled with GCC version 3.0, 3.1, 3.2, 3.3 and 3.3.2 and used on Linux kernel versions 2.4.2x and 2.6.x x86 systems. Using this exploit to crash Linux systems requires the (ab)user to have shell access. The program works on any normal user account; root access is not required.
Comments
For SHELL servers this is a PITA; for workstation Linux boxes or single-purpose servers it is less so. The vuln requires that a file be uploaded to the box being attacked and that the user be able to run said file on the remote box -- need not be root, must be able to run the file. Most experienced sysadmins do not allow remote run authority and upload authority to anywhere near most people. Limit authority to run only what is on the box already, allow uploads via sftp only, and vet what is made runnable.