There is a remotely exploitable bug in all Linux kernel 2.6 series due to using an incorrect variable type. The vulnerability is connected to the netfilter subsystem and may cause a DoS. It’s disclosed only when using iptables with rules matching TCP options (i.e. --tcp-option). There is no difference what action is taken by the matching rule.
After sending one suitably prepared TCP packet to the victim host, the kernel goes into an infinite loop consuming all CPU resources, rendering the box unresponsive. Of course, there is no need to have shell access to the attacked host.
Hmm, not a very nice thing to have discovered happening to your box – especially because you’ll probably have no idea what caused it. Does this just crash your box, or can it be used as an exploit to gain control in some way? It doesn’t look like it.
looks like it just locks your kernel into an infinite loop
i wonder if this is why my apt-get update/upgrade yesterday installed a newer version of the kernel on fc2
-Ophidian
This security update fixes the remote DoS possibility identified and fixed
by Adam Osuchowski and Tomasz Dubinski in the netfilter code of the 2.6
kernel. Note that this remote DoS can only be triggered when using the
rarely used “-p tcp --tcp-option” options in the netfilter firewall
subsystem. Fedora Core 2 systems are not vulnerable unless the administrator
manually configured this rarely used option.
For more information see
http://www.securityfocus.com/archive/1/367615/2004-06-27/2004-07-03…
The inventors of C and C++ probably never cared about typechecking. This is quite amazing for those who program in Ada or other serious languages.
yeah, they should do the sane thing and port linux over to java! :p
… or to Python. Python rules! 😉
Yeah, pylux would be a great idea ;P
I guess this one slipped through the open-source iron curtain of security purists…
Shame this was modded down, MS was flamed pretty good over the recent IE bug. Not that I didn’t agree with it, but hey how is this any different?
On ppc, the “char” datatype is unsigned by default.
You’d need an explicit “signed char” to create this bug.
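The two comments above describe the bug class rather than show it, so here is an added example (constructed for this page, not the netfilter code or anything from the advisory): a walker over a TCP-style length-prefixed option list, once with the option length read through a `signed char`, once with the unsigned type the walker needs. The option byte strings are made up for the demonstration; the buggy walker carries a step budget and a negative-index check so its non-termination can be observed instead of hanging the process.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the signed-char pitfall discussed in the thread.
 * TCP options are kind/length/data triples; EOL (0) and NOP (1) are one byte.
 * This is not the kernel's netfilter code, only the same shape of loop. */

#define MAX_STEPS 1000  /* budget so the buggy walker returns instead of spinning */

/* Buggy walker: the length byte is read as `signed char`, so 0x80..0xFF becomes
 * negative and the index moves backwards. Returns 1 if found, 0 if not,
 * -1 where the kernel would loop forever or index before the buffer. */
int find_option_signed(const uint8_t *opt, int optlen, uint8_t want)
{
    int i = 0, steps = 0;
    while (i < optlen) {
        if (++steps > MAX_STEPS)
            return -1;                  /* never reaches optlen: infinite loop */
        if (opt[i] == want)
            return 1;
        if (opt[i] < 2) {               /* EOL / NOP: single-byte options */
            i++;
            continue;
        }
        if (i + 1 >= optlen)
            return 0;                   /* truncated option header */
        signed char len = (signed char)opt[i + 1];   /* the defect */
        i += len ? len : 1;
        if (i < 0)
            return -1;                  /* would read before the buffer */
    }
    return 0;
}

/* Hardened walker: unsigned length, minimum length 2, and the option must
 * fit in the remaining bytes. Every step strictly increases i, so it ends. */
int find_option_fixed(const uint8_t *opt, unsigned int optlen, uint8_t want)
{
    unsigned int i = 0;
    while (i < optlen) {
        uint8_t kind = opt[i];
        if (kind == want)
            return 1;
        if (kind < 2) {                 /* EOL / NOP */
            i++;
            continue;
        }
        if (i + 1 >= optlen)
            return 0;                   /* truncated option header */
        uint8_t len = opt[i + 1];       /* unsigned: never negative */
        if (len < 2 || len > optlen - i)
            return 0;                   /* malformed option: treat as no match */
        i += len;
    }
    return 0;
}

/* Constructed samples. VALID_OPTS: MSS(2,4,0x05B4), NOP, NOP, Timestamp(8,10,...).
 * LOOPING_OPTS: NOP, NOP, then kind 3 with length byte 0xFE (-2 when signed),
 * which sends the buggy walker back to index 0 forever. */
static const uint8_t VALID_OPTS[16]  = {2, 4, 0x05, 0xB4, 1, 1, 8, 10,
                                        0, 0, 0, 1, 0, 0, 0, 0};
static const uint8_t LOOPING_OPTS[4] = {1, 1, 3, 0xFE};

int main(void)
{
    printf("valid, timestamp: signed=%d fixed=%d\n",
           find_option_signed(VALID_OPTS, 16, 8),
           find_option_fixed(VALID_OPTS, 16, 8));
    printf("looping, timestamp: signed=%d fixed=%d\n",
           find_option_signed(LOOPING_OPTS, 4, 8),
           find_option_fixed(LOOPING_OPTS, 4, 8));
    return 0;
}
```

The hardened version does not just widen the type: it also rejects a length below 2 and a length that overruns the option area, which is the check a length-prefixed parser needs regardless of whether `char` happens to be signed on the target architecture.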
“Shame this was modded down, MS was flamed pretty good over the recent IE bug. Not that I didn’t agree with it, but hey how is this any different?”
This bug can’t install software that tries to steal your credit card numbers and other things you’d rather not have in the hands of criminals. But I agree, this is still a pretty bad DOS exploit, especially since it’s in the piece of software that should protect you from hackers.
It just doesn’t compare to the IE and ISS bug that let remote hackers execute code on your machine…
“But I agree, this is still a pretty bad DOS exploit especially since it’s in the piece of software that should protect you from hackers”
you need to enable rarely used firewall options for this to work. it is nowhere near as problematic as the crappy browser called IE
“The inventors of C and C++ probably never cared about typechecking.”
They most definitely did not. C evolved as an ad-hoc extension of B to be able to target the PDP-11. B was entirely untyped (as was the PDP-7 that it was targeting).
The original size constraints for the language along with the concern for backward-compatibility caused any type-safety systems to be defined late, and to be made mandatory only much later. Casts appeared in 1977 but were not made mandatory. Function prototypes took another 10 years to appear (C90), and 10 extra years to be mandatory (C99, which few compilers support).
C is not much more than a glorified-macro-assembler-turned-programming-language. Trying to think of it otherwise is a big mistake.