Linux-Watch
      . . . keeping an eye on the penguin   
Home  |  News  |  Forum  |  Blogs  |  Videos  |  ITLink

Keywords: Match:
Linux hole patched
Feb. 13, 2008

Not long after we reported that there was a major security hole in Linux, the Linux kernel developers came up with a permanent patch for the problem.

The security hole was with the relatively new Linux kernel system call sys_vmsplice. This system call moves data from a user space memory address range via a pipe to another destination. It's present in Linuxes using the Linux kernel from Version 2.6.17 to what had been the latest production Linux kernel, 2.6.24.1.

An exploit for this system call was revealed on the security exploit site Milw0rm on Feb. 9. This exploit showed that a user with local shell access and the exploit in hand could obtain root, master administration access to a Linux system.

A hot-fix was issued almost immediately. The permanent patch was delivered on the evening of Feb. 10. As Greg Kroah-Hartman, senior Linux developer employed by Novell, reported that night, "All currently active Linux kernel versions are now released with a fix for this problem. We have released them through our normal channels, with the needed information as to what the problem is, a pointer to the CVE number, and the patch itself."

There are two slightly different versions of the patch, depending on which Linux kernel you're running. But as master Linux developer Linus Torvalds wrote on the LKML (Linux Kernel Mailing List) concerning this, "In this particular case, maybe some [stable] person [a developer working on the stable, rather than experimental, versions of Linux] might have felt that they just didn't want to change semantics for the NULL pointer, or maybe they didn't even notice that what I committed to the development tree was slightly changed. It _really_ doesn't matter."

Updated versions of the kernel with the fix are now available for Debian, Ubuntu, openSUSE, Fedora, Red Hat and presumably all other mainstream Linuxes. Many of them, such as openSUSE, are automatically delivering the repaired Linux system.

—Steven J. Vaughan-Nichols

Do you have comments on this story?
Talkback here

NOTE: Please post your comments regarding our articles using the above link. Be sure to use this article's title as the "Subject" in your posts. Before you create a new thread, please check to see if a discussion thread is already running on the article you plan to comment on. Thanks!

(Click here for further information)

7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.

4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.

Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.

Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.

Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.

Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.

Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.

Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.

Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.

 

Got a HOT tip?   please tell us!
ADVERTISEMENT
(Advertise here)
Also visit:
 • eWEEK's Linux center
• Dev Shed
  and, our 'evil twin'...
• Microsoft-Watch.com
Latest Linux-Watch Posts

• Microsoft tactics push India toward Linux
• Bell, SuperMicro sued over GPL
• "Business intelligence" software goes GPL
• Will Atom bomb?
• LF Summit videos posted
• Linux gains "embedded" maintainers
• Virtualization on tap in SLES and RHEL upgrades
• Linux gets security black eye
• Verizon chooses Linux "platform of choice"
• Hats off to Fedora 9
More Linux-Watch posts

DesktopLinux headlines:
• Graphics board vendor touts faster Linux drivers
• Private St. Louis school goes Linux
• Xandros quietly acquires Linspire
• Microsoft pushes India toward Linux
• "Intrepid Ibex" plucks up courage for alpha release
• Military-grade USB key supports Linux desktops
• CentOS 5.2 ships with enhanced virtualization
• Ubuntu "MID Edition" ships
• Gutsy Geeks take Linux to the airwaves
• OpenSUSE 11.0 arrives
More DesktopLinux news
LinuxDevices headlines:
• Linux video camera geo-tags, writes to SATA drives
• Garmin Nav devices run Gnome Linux
• Ten LiMo phones this month?
• It's a Yankee Doodle Linux phone
• Wind River to host "Developer Day"
• Dev boards gain Linux support
• 802.11n zooms ahead
• Low-power mini-ITX board runs Linux
• Pico-ITX board bears twins
• Mass-market WiFi router invites Linux hackers
More LinuxDevices news
Dev Shed Dev Shed
Powered By Dev Shed

Linux vs. Windows?
•  in the enterprise
•  in gadgets & devices
Linux conquers smartphones!

...read all about 'em

news feed
Home  |  News  |  Forum  |  About  |  Contact
 

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
Tech RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video | VARs | Channel News

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.