Remote buffer overflow bug in kernel

Sam Varshavchik mrsam at courier-mta.com
Wed Nov 5 23:21:01 UTC 2008


Antonio Olivares writes:

> Dear all,
> 
> There has been a bug in the kernel with a buffer overflow in kernel, 
> 
> \begin{quote}
> A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
> 
> The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
> \end{quote}
> 
> More at  
> http://blogs.zdnet.com/security/?p=2121
> 
> Q:  Will we see an updated kernel soon that addresses this issue?
> 
> Is it a real bug or just on Gentoo?  

RTFA:

    •Anders Kaseorg discovered that ndiswrapper did not correctly handle
    long ESSIDs. If ndiswrapper is in use, a physically near-by attacker
    could generate specially crafted wireless network traffic and crash the
    system, leading to a denial of service.

If you're using ndiswrapper for a wireless card, you're boned.

Just consider it as yet another cost of bending over to accomodate non-free 
binary blob device drivers, instead of giving your business to 
Linux-friendly hardware manufacturers which actively support the free 
software community.

This is not a kernel bug, this is a bug in ndiswrapper, so there won't be 
any kernel updates for Fedora. The fix will have to be in ndiswrapper, which 
is not part of Fedora proper.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081105/cff8f0ce/attachment-0001.sig>


More information about the fedora-list mailing list