# Re: Remote buffer overflow bug in kernel

• From: Sam Varshavchik <mrsam courier-mta com>
• To: Community assistance, encouragement, and advice for using Fedora. <fedora-list redhat com>
• Subject: Re: Remote buffer overflow bug in kernel
• Date: Wed, 05 Nov 2008 18:21:01 -0500

Antonio Olivares writes:


Dear all,


There has been a bug in the kernel with a buffer overflow in kernel,
\begin{quote}
A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
\end{quote}


More at http://blogs.zdnet.com/security/?p=2121

Q:  Will we see an updated kernel soon that addresses this issue?


Is it a real bug or just on Gentoo?

RTFA:

•Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs. If ndiswrapper is in use, a physically near-by attacker
could generate specially crafted wireless network traffic and crash the
system, leading to a denial of service.

If you're using ndiswrapper for a wireless card, you're boned.


Just consider it as yet another cost of bending over to accomodate non-free binary blob device drivers, instead of giving your business to Linux-friendly hardware manufacturers which actively support the free software community.


This is not a kernel bug, this is a bug in ndiswrapper, so there won't be any kernel updates for Fedora. The fix will have to be in ndiswrapper, which is not part of Fedora proper.



Attachment: pgp23QANDQgC7.pgp
Description: PGP signature