Linux users beware too.....

[Whitecrest]

Bitching Kernel problem.

---------------------
Researchers Find Serious Vulnerability in Linux Kernel
By Dennis Fisher
December 1, 2003

Security professionals took note of a critical new vulnerability in the
Linux kernel that could enable an attacker to gain root access to a
vulnerable machine and take complete control of it. An unknown cracker
recently used this weakness to compromise several of the Debian
Project's servers, which led to the discovery of the new vulnerability.

This discovery has broad implications for the Linux community. Because
the flaw is in the Linux kernel itself, the problem affects virtually
every distribution of the operating system and several vendors have
confirmed that their products are vulnerable. The vulnerability is in
all releases of the kernel from Version 2.4.0 through 2.5.69, but has
been fixed in Releases 2.4.23-pre7 and 2.6.0-test6.

 

[David Dorward]

Bitching Kernel problem.

It isn't that bad since:
(a) The fix is already available
(b) Its a local exploit so you need to find a way to execute a program on
the box first

Has Microsoft patched those five holes in IE that were announced last week
yet?

 

[brucie]

It isn't that bad since:
(a) The fix is already available
(b) Its a local exploit so you need to find a way to execute a program on
the box first

Has Microsoft patched those five holes in IE that were announced last week
yet?

don't get ahead of yourself. you have to wait for the ones discovered
last year to be fixed first.

 

[Mark Parnell]

Sometime around Tue, 02 Dec 2003 23:39:27 +0000, David Dorward is reported
to have stated:

(b) Its a local exploit so you need to find a way to execute a program on
the box first

How did someone manage to do that to the Debian servers then? Perhaps they
need to pay more attention to offline security.

 

[Whitecrest]

It isn't that bad since:
(a) The fix is already available
(b) Its a local exploit so you need to find a way to execute a program on
the box first

Has Microsoft patched those five holes in IE that were announced last week
yet?

I don't understand your need to belittle Microsoft just because there is
a post that shows a flaw in Linux.

 

[David Dorward]

How did someone manage to do that to the Debian servers then?

They managed to get hold of somebody's password, which gave them local
access.

 

[David Dorward]

I don't understand your need to belittle Microsoft just because there is
a post that shows a flaw in Linux.

and I don't see the need to make an offtopic post showing a flaw in Linux in
the first place.

 

[Matthias Gutfeldt]

Bitching Kernel problem.

---------------------
Researchers Find Serious Vulnerability in Linux Kernel
By Dennis Fisher
December 1, 2003

Security professionals took note of a critical new vulnerability in the
Linux kernel that could enable an attacker to gain root access to a
vulnerable machine and take complete control of it. An unknown cracker

You're late, Whitecrest. This particular attack was reported over a week
ago.


Matthias

 

[Whitecrest]

and I don't see the need to make an offtopic post showing a flaw in Linux in
the first place.

Oh so if I read about a security flaw in Microsoft Products it is ok to
mention it in alt.html, but if there is a security problem in any other
operating system then I should not mention it because we all know that
Microsoft is really the only true evil....

Very good David, I was not aware of these posting rules....

 

[brucie]

Oh so if I read about a security flaw in Microsoft Products it is ok to
mention it in alt.html, but if there is a security problem in any other
operating system then I should not mention it because we all know that
Microsoft is really the only true evil....

it really doesn't matter. linux sucks just as much as windows except for
different reasons, probably more so, at least you know windows will
support your hardware.

 

[Whitecrest]

it really doesn't matter. linux sucks just as much as windows except for
different reasons, probably more so, at least you know windows will
support your hardware.

There are problem in ALL OS's.

 

[Michael Fesser]

How did someone manage to do that to the Debian servers then?

* sniffed password for login
* local kernel-exploit for getting root
* root-kit installed

Debian Investigation Report after Server Compromises
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html

Micha

 

[David Dorward]

Oh so if I read about a security flaw in Microsoft Products it is ok to
mention it in alt.html,...

.... well it counterbalances the thread starter

How about we keep anti-OS sentiments out of alt.html (and keep it to cola
etc where it belongs) except where it directly impacts something on topic?

 

[Whitecrest]

How about we keep anti-OS sentiments out of alt.html (and keep it to cola
etc where it belongs) except where it directly impacts something on topic?

I agree, but the original post was not anti any OS, it was informing
anyone using the OS there there is a serious issue with it, that they
need to look at. That was on topic.

Your reply, was not.

 

[Isofarro]

I agree, but the original post was not anti any OS, it was informing
anyone using the OS there there is a serious issue with it, that they
need to look at. That was on topic.

Your reply, was not.

What a load of complete nonsense.

 

[Toby A Inkster]

I agree, but the original post was not anti any OS, it was informing
anyone using the OS there there is a serious issue with it, that they
need to look at. That was on topic.

It might have been on topic if this was comp.os.linux, but it's not on
topic in alt.html.

Even browser security flaws are verging on off-topic.

 

[William Tasso]

...
Even browser security flaws are verging on off-topic.

It would be good to think so. Good luck with that one ;o)

 

[Mark Parnell]

Sometime around Wed, 03 Dec 2003 22:07:49 +0000, Toby A Inkster is reported
to have stated:

Even browser security flaws are verging on off-topic.

If that's the case, then is a certain OS component off-topic, too? I can
just see it:

Newbie: This page doesn't display correctly in IE.
Us: Sorry, that's off topic here...

 

[Toby A Inkster]

Sometime around Wed, 03 Dec 2003 22:07:49 +0000, Toby A Inkster is reported
to have stated:


If that's the case, then is a certain OS component off-topic, too? I can
just see it:

Newbie: This page doesn't display correctly in IE.
Us: Sorry, that's off topic here...

OK. How about "browser security flaws are off topic, unless they are
triggered by HTML".

 

[Mark Parnell]

Sometime around Wed, 03 Dec 2003 23:35:58 +0000, Toby A Inkster is reported
to have stated:

OK. How about "browser security flaws are off topic, unless they are
triggered by HTML".

LOL. I was just trying to demonstrate how pointless it is trying to define
what is off-topic. Anyway, the FAQ says pretty much anything web-related is
on topic.

That still excludes the post that started this thread, of course.