Linux is broken 
16th-Aug-2009 11:46 am
Linux... I love it.

It has an exploitable fundamental flaw, though. The flaw has existed for the last eight years and affects all Linux kernels since 2001 on all architectures (e.g. Intel, Motorola, Sun).


Not to worry; it still requires local access to the machine. This exploit is not something that can be applied over the Internet.


Highly exploitable Linux kernel bug found, patched

David Meyer ZDNet.co.uk

Published: 14 Aug 2009 17:35 BST

A hole has been found in Linux kernel versions stretching back eight years that is 'as trivial as it can get to exploit', according to the Google employees who discovered it.

Julien Tinnes and Tavis Ormandy, the security researchers who discovered the vulnerability, have already issued a patch for the flaw. According to a blog post written by Tinnes on Thursday, the hole "affects all 2.4 and 2.6 kernels since 2001 on all architectures", and is "the public vulnerability affecting the greatest number of kernel versions". [...]


It was discovered last week and a patch is already in the works. In the meantime, certain protocols (most of them legacy) can be "blacklisted" to prevent the exploit from working:

PPP (point-to-point protocol, an older dialup-type network protocol. Some computers that connect directly to the Internet and not through a router might use a variation of PPP such as PPP over Ethernet - PPPoE)

Bluetooth (it is just evil... I used to design computers when this one came out. It is so very broken I refuse to use it EVER!! If you have this enabled, you are just waiting for someone to crack you... especially if it is enabled on your cellphone)

Appletalk (wow! This thing is still in use? Still running a network of 30-year-old Macs?)

IPX (only if you are connecting to a DOS-based machine would you ever need to use this. Why won't this just die?)

SCTP (newer protocol developed in 2000 that is like a souped-up TCP but not really in use by the common user. It was developed for Internet telephony - Skype uses a proprietary protocol; you're safe)
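
To check that the blacklisting above is actually in effect on a machine, here is an added example (not part of the original post or the quoted article): a POSIX shell audit that reports, for each protocol listed, whether the modprobe configuration disables its kernel module and whether the module is already loaded. The module names (pppox, bluetooth, appletalk, ipx, sctp) and the sample configuration are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Module names are assumptions:
# pppox (PPP/PPPoE), bluetooth, appletalk, ipx, sctp.
MODULES="pppox bluetooth appletalk ipx sctp"

# module_state DIR MODULE: how modprobe config in DIR/*.conf treats MODULE.
module_state() {
    conf_dir=$1; name=$2
    # "install <mod> /bin/true" replaces every load request with a no-op.
    if cat "$conf_dir"/*.conf 2>/dev/null | grep -Eq \
        "^[[:space:]]*install[[:space:]]+$name[[:space:]]+/bin/(true|false)[[:space:]]*\$"; then
        echo install-override
    # "blacklist <mod>" only ignores the module's built-in aliases.
    elif cat "$conf_dir"/*.conf 2>/dev/null | grep -Eq \
        "^[[:space:]]*blacklist[[:space:]]+$name[[:space:]]*\$"; then
        echo blacklist-only
    else
        echo not-disabled
    fi
}

# audit DIR PROC_MODULES: one line per module; returns 1 unless every module
# has an install override and is absent from the loaded-module list.
audit() {
    bad=0
    for mod in $MODULES; do
        state=$(module_state "$1" "$mod")
        loaded=no
        grep -q "^$mod " "$2" 2>/dev/null && loaded=yes
        echo "$mod config=$state loaded=$loaded"
        [ "$state" = install-override ] && [ "$loaded" = no ] || bad=1
    done
    return $bad
}

# Constructed sample data so the script runs offline.
# On a real host: audit /etc/modprobe.d /proc/modules
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'install pppox /bin/true' 'install bluetooth /bin/true' \
        'blacklist appletalk' 'install sctp /bin/false' > "$tmp/net-off.conf"
    printf '%s\n' 'bluetooth 16384 0 - Live 0x0000000000000000' > "$tmp/modules"
    status=0
    audit "$tmp" "$tmp/modules" || status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "result: at least one module is still loadable or loaded"
```

A module that is already loaded stays loaded whatever the configuration says, which is why the audit checks both.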

So is Linux LESS secure than Microsoft Windows? Not a chance. Look how fast a patch has come out! You never see that level of support coming from Redmond. Days, not weeks. Nothing swept under the rug trying to hide it for fear of bad press.

Linux: even the vulnerabilities are more secure than Windows.
