Skip to comments.
Flaw in Linux kernel allows attack
CNETAsia ^
| December 2 2003
| Robert Lemos
Posted on 12/01/2003 8:10:29 PM PST by yonif
click here to read article
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 141-147 next last
1
posted on
12/01/2003 8:10:29 PM PST
by
yonif
To: yonif; Noumenon; Bush2000; PatrioticAmerican; TheEngineer; Golden Eagle; Coral Snake; old-ager; ...
To: yonif
Whoever these hackers are they are completely to blame for exploiting the Debian Linux servers, but there are still some issues for Debian and the Linux "community" to work out:
- One of the lead programmer's workstation was rooted, how did this happen?
- The workstation break ultimately resulted in several of the core servers supporting a mainstream version of Linux to be owned by outsiders who could have covered their tracks or left misleading info.
- The security hole was not known to be a security problem until the breach, and was simply thought by the developers to be buggy, but not exploitable which is why the fix wasn't backported.
- The hole is actually in the kernel itself, not a subsystem or application.
- The hole is in many other versions of Linux, but only 3 of the countless distros have yet released a patch.
Again, IMO the hackers always deserve near 100% of the blame in these attacks. Funny how Linux crowd probably agrees, THIS TIME.
To: yonif
Sometimes I despair of making Microsoft systems completely secure, but man... those Linux guys eat their own. At least in the Microsoft world, the battle lines are a bit clearer.
To: yonif
This cannot be correct. My Linux using friends swear to me that Linux is secure.
5
posted on
12/01/2003 8:46:19 PM PST
by
twntaipan
(Liberalism: The Rot on the Dung Heap of Humanity)
To: adam_az
This may be of interest...
6
posted on
12/01/2003 8:50:15 PM PST
by
yonif
("If I Forget Thee, O Jerusalem, Let My Right Hand Wither" - Psalms 137:5)
To: Incorrigible
LOL! I hadn't seen that one.
To: Golden Eagle
The hole is in many other versions of Linux, but only 3 of the countless distros have yet released a patch.
What do you mean by that? You can download the source for the 2.4.23 kernel for the past week and compile yourself.
8
posted on
12/01/2003 9:09:38 PM PST
by
lelio
To: yonif
Now Linux an really compete against Windows! :)
9
posted on
12/01/2003 9:22:28 PM PST
by
toupsie
To: twntaipan
"This cannot be correct. My Linux using friends swear to me that Linux is secure."
Yes, I also doubt that this security problem is true. I have been told by Linux users of the vast superiority of their operating system.
But what do I know, I am a lowly Windows user, my mind cannot fathom the operating system/religion that is Linux.
10
posted on
12/01/2003 9:30:17 PM PST
by
ryanjb2
To: rdb3
ping
11
posted on
12/01/2003 9:43:33 PM PST
by
honeygrl
(FreeRepublic.com "The Crack Cocaine of Conservative News Discussion")
To: lelio
Just what I said, only 3 distros have so far released a patch for the vulnerable users who don't care for a full kernel upgrade, for whatever their personal reasons may be.
http://lwn.net/Alerts/
To: Incorrigible
13
posted on
12/01/2003 10:02:54 PM PST
by
Delta 21
To: N3WBI3
bump
14
posted on
12/01/2003 10:14:00 PM PST
by
RnMomof7
To: lelio
What do you mean by that? You can download the source for the 2.4.23 kernel for the past week and compile yourself.
Everyone, be sure to pass this on to your mom, dad, siblings, cousins, etc. Get compiling, everyone, compile!
15
posted on
12/01/2003 11:06:34 PM PST
by
Bush2000
To: Golden Eagle
16
posted on
12/01/2003 11:07:19 PM PST
by
Bush2000
To: Bush2000
MS-pantload.
17
posted on
12/01/2003 11:17:35 PM PST
by
tubavil
To: tubavil
boy... lucky for me I hide my linux servers behind a firewall... just like all my other servers.
Lucky me.
18
posted on
12/01/2003 11:21:56 PM PST
by
Ramius
To: lelio
you forget the ms addicts...
they are looking for a patch that you pay for, and push a button.
the idea of typing in the code by hand, hurts their sense of addiction, nobody to "fix" it for them ya know... and they don't have to "wait" for their "supplier" to get them a "fix" for their problem... what would they do?
the concept of actually commenting out offending lines of source code, replacing them with the "fix" by hand... and recompiling...
brings on a panic attack "What if I type it in wrong?"
roflmao...
"update my kernel myself? you gotta be kidding! gasp!"
19
posted on
12/01/2003 11:27:16 PM PST
by
Robert_Paulson2
(robert... the rino... LWMPTBHFTOSTA....)
To: lelio
allowed an attacker who already had access to a server to remove the limitationsImagine that, someone with prior "root access" was able to attack the computer system he already had access to, operating it in a malicious way, and wasa even able to give equal access to other people not previously allowed into the system!
roflmao...
Geeze, I guess if I can crash my own unix box, using root access, or let others in to do it using my access permissions, I have found a REAL hole in the program.
kinda like this?
Yeah I found zillions of those "holes" in root user security when I used Microslop... crashed my own machine, a couple dozen times a week... little did I know I had found a viable security exploit!
20
posted on
12/01/2003 11:37:02 PM PST
by
Robert_Paulson2
(robert... the rino... LWMPTBHFTOSTA....)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 141-147 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson
