Linux Security Kernel Clean-Up

Two significant Linux bugs have been found and smashed. Here's what you need to know.

By sjvn

While Windows has more security problems than a barn dog has fleas, Linux isn't immune to having its own security holes. Recently, two significant bugs were found, and then smashed. To make sure you don't get bit, you should patch your Linux system sooner rather than later.

Bug number one on the hit list is a remote DDoS (distributed denial-of-service) vulnerability that could potentially let an attacker crash your server by sending it an illegally fat IPv4 TCP/IP packet. Those of you who are network administrators may be going, "Wait, haven't I heard of this before?" Why, yes, yes you have.

It's the good old ping-of-death DDoS attack back again. What happened, according to the Linux kernel discussion list, was that somewhere between the Linux kernel 2.6.28.10 and 2.6.29 releases someone made a coding boo-boo and made it possible for this ancient attack to work again.

Fortunately--this is open source after all--the bug was quickly found and fixed before any bum got a chance to smash systems with a ping-of-death attack. If you're using any Linux kernel except 2.6.28.1x you're safe. Not sure what version you're running? The easy way to find out is to run the following command from a shell prompt:

uname -a
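
An added example, not part of the original article: a small shell check that pulls the upstream version out of a `uname -r` string and tests it against a version range. The function names are this example's own, and the sample call reads the article's "2.6.28.1x" as 2.6.28.10 through 2.6.28.19, which is an assumption. A distribution kernel can carry a backported fix without changing its upstream version number, so a match means "check the vendor advisory", not "vulnerable".

```sh
#!/bin/sh
# Added example (not from the article): range-check a kernel release string.
# Function names are this example's own.

# Print the leading dotted-numeric part of a release string:
#   "2.6.28.10-1.fc11.x86_64" -> "2.6.28.10"
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^\([0-9][0-9.]*\).*/\1/' -e 's/\.$//'
}

# kernel_in_range RELEASE LOW HIGH
# Exit status 0 if LOW <= upstream version of RELEASE <= HIGH (inclusive).
# Fields are compared numerically, so 2.6.28.10 sorts after 2.6.28.9.
kernel_in_range() {
    awk -v v="$(upstream_version "$1")" -v lo="$2" -v hi="$3" '
        function key(s,    n, p, i, k) {
            n = split(s, p, ".")
            k = 0
            for (i = 1; i <= 4; i++)        # pad to 4 fields: 2.6.29 == 2.6.29.0
                k = k * 1000 + (i <= n ? p[i] + 0 : 0)
            return k
        }
        BEGIN { exit !(key(v) >= key(lo) && key(v) <= key(hi)) }'
}

# triage RELEASE LOW HIGH -> prints a verdict for one range.
triage() {
    if kernel_in_range "$1" "$2" "$3"; then
        echo "check-vendor-advisory"   # in range; a distro kernel may already carry the fix
    else
        echo "outside-range"
    fi
}

# Assumption: "2.6.28.1x" read as 2.6.28.10 .. 2.6.28.19.
triage "$(uname -r)" 2.6.28.10 2.6.28.19
```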

The other bug is potentially more troublesome because it could be used to take a system over. On the other hand, you need to be a local user to pull it off, so personally, I don't consider it as important as an attack that can be made over the Internet.

This bug is in the Ext4 file system, which became an official part of Linux with the 2.6.28 kernel. The problem came from three smaller Ext4 problems, which added up to letting an ordinary local user overwrite files to which they should only have had read permission. With this, a user with a grudge could overwrite files, say the good old Unix/Linux user password file, '/etc/passwd', with whatever they wanted. Not good.

This problem has also been fixed. Your usual Linux update should take care of the problem. You do update your system regularly, right?

There are further details on the fixes for Ubuntu, Red Hat, Fedora, and openSUSE. But unless you really want to get into the code's nitty-gritty, you don't need to pay overmuch attention to the down-and-dirty details; just make sure to update your systems and all should be well.

4 comments

    Anonymous 2 years ago
    It's a denial of service, not a distributed denial of service. The latter is when you have a large number of machines involved in causing a denial of service to a victim. Each attacker takes on a small part of the attack, i.e. the attack is distributed over a large number of attackers. In this case one attacker is enough to cause the denial of service to the victim.
    Anonymous 2 years ago
    The stated affected kernel versions in this article are just plain wrong. The ipv4 issue affects all (unpatched) kernels from 2.6.29 to 2.6.32. However, most vendors (such as redhat) have already released updates for kernels in that range. The vulnerable code for the ext4 issue was introduced in 2.6.31, so only it and 2.6.32 were affected, but again vendors have already patched all their affected versions in that range as well.
    Anonymous 2 years ago
    Before any Microsoft-paid posters jump on this, I just wanted to say that a few bugs are invariably introduced as any software evolves. It is understandable that this occurs due to the complexity of new code (in Linux or other OS's). At least with Linux there are millions of "eyes" checking the source code for problems, and these few problems seem to be permanently fixed in rather short order. I wish Microsoft (which never does seem able to permanently patch any of their products) could do likewise...then the Internet could be a safer place!
    Anonymous 2 years ago in reply to Anonymous
    Get real, install any version of Linux and run an update to see the slew of security patches. No OS is perfect since they are written (and checked) by imperfect beings. In this case an imperfect someone undid the permanent fix you are bragging about. Stop slinging the MS mud.
