[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Remote buffer overflow bug in kernel



Antonio Olivares writes:

Dear all,

There has been a bug in the kernel with a buffer overflow in kernel,
\begin{quote}
A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
\end{quote}

More at http://blogs.zdnet.com/security/?p=2121

Q:  Will we see an updated kernel soon that addresses this issue?

Is it a real bug or just on Gentoo?

RTFA:

   •Anders Kaseorg discovered that ndiswrapper did not correctly handle
   long ESSIDs. If ndiswrapper is in use, a physically near-by attacker
   could generate specially crafted wireless network traffic and crash the
   system, leading to a denial of service.

If you're using ndiswrapper for a wireless card, you're boned.

Just consider it as yet another cost of bending over to accomodate non-free binary blob device drivers, instead of giving your business to Linux-friendly hardware manufacturers which actively support the free software community.

This is not a kernel bug, this is a bug in ndiswrapper, so there won't be any kernel updates for Fedora. The fix will have to be in ndiswrapper, which is not part of Fedora proper.

Attachment: pgp23QANDQgC7.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]