Remote buffer overflow bug in kernel
Sam Varshavchik
mrsam at courier-mta.com
Wed Nov 5 23:21:01 UTC 2008
Antonio Olivares writes:
> Dear all,
>
> There has been a bug in the kernel with a buffer overflow in kernel,
>
> \begin{quote}
> A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
>
> The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
> \end{quote}
>
> More at
> http://blogs.zdnet.com/security/?p=2121
>
> Q: Will we see an updated kernel soon that addresses this issue?
>
> Is it a real bug or just on Gentoo?
RTFA:
•Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs. If ndiswrapper is in use, a physically near-by attacker
could generate specially crafted wireless network traffic and crash the
system, leading to a denial of service.
If you're using ndiswrapper for a wireless card, you're boned.
Just consider it as yet another cost of bending over to accomodate non-free
binary blob device drivers, instead of giving your business to
Linux-friendly hardware manufacturers which actively support the free
software community.
This is not a kernel bug, this is a bug in ndiswrapper, so there won't be
any kernel updates for Fedora. The fix will have to be in ndiswrapper, which
is not part of Fedora proper.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081105/cff8f0ce/attachment-0001.sig>
More information about the fedora-list
mailing list