Linux kernel vulnerability is behind Debian attack - Microsoft Windows

This is a discussion on Linux kernel vulnerability is behind Debian attack - Microsoft Windows ; http://www.infoworld.com/article/03/...xkernel_1.html ROLFMAO!!!! This is the socalled linux secure kernel....

+ Reply to Thread
Results 1 to 13 of 13

Thread: Linux kernel vulnerability is behind Debian attack

  1. Linux kernel vulnerability is behind Debian attack

    http://www.infoworld.com/article/03/...xkernel_1.html

    ROLFMAO!!!!

    This is the socalled linux secure kernel.


  2. Re: Linux kernel vulnerability is behind Debian attack

    bogus@invalid.tld wrote:

    > http://www.infoworld.com/article/03/...xkernel_1.html
    >
    > ROLFMAO!!!!
    >
    > This is the socalled linux secure kernel.
    >


    Look, at least you heard it existed, right? And at least it got removed.
    Send me your SAM file with its supposedly secure password hashes, or
    give me less than a minute alone with your computer and a boot disk, and
    I'll have all your passwords.

    And it got fixed back in September, in a nice patch you could install,
    only 12 lines, that wouldn't cause random problems with your computer
    and make it unusable.

    That said, it was a stupid mistake, and its a pity debian didn't patch a
    few months earlier. More information at
    http://kerneltrap.org/node/view/1717

    Patch follows. GPL licensed, etc.

    --- 1.31/mm/mmap.c Fri Sep 12 06:44:06 2003
    +++ 1.32/mm/mmap.c Thu Oct 2 01:18:19 2003
    @@ -1041,6 +1041,9 @@
    if (!len)
    return addr;

    + if ((addr + len) > TASK_SIZE || (addr + len) < addr)
    + return -EINVAL;
    +
    /*
    * mlock MCL_FUTURE?
    */

  3. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 06:32:31 +0000, bogu wrote:

    > http://www.infoworld.com/article/03/...xkernel_1.html
    >
    > ROLFMAO!!!!
    >
    > This is the socalled linux secure kernel.


    "The vulnerability can only be exploited by someone who has already been
    given a user account on the Linux machine,"

    'nuff said.

    --
    Rick


  4. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 11:17:17 +0000, Rick wrote:

    > "The vulnerability can only be exploited by someone who has already been
    > given a user account on the Linux machine,"


    You mean that it doesn't happen like in Windows where viruses (like
    CodeRed) can enter inside your box whenever they feel like, damage it and
    use your computer as lauch base to infect other Windows boxes?
    You mean that to use this exploit (promptly fixed by the opensource
    community) you first need to find a way to get control of an user account?
    Not like in Windows when all you have to do to get infected is read an
    email or visit a website?

    LOL

    Bye,
    Luca

    --
    Linux registered user #291568 (http://counter.li.org/)
    Electronic Frontier Foundation Member (http://www.eff.org/)
    Mandrake Club Member (http://www.mandrakeclub.com/)


  5. Re: Linux kernel vulnerability is behind Debian attack

    Luca wrote:

    > On Wed, 10 Dec 2003 11:17:17 +0000, Rick wrote:
    >
    >
    >>"The vulnerability can only be exploited by someone who has already been
    >>given a user account on the Linux machine,"

    >
    >
    > You mean that it doesn't happen like in Windows where viruses (like
    > CodeRed) can enter inside your box whenever they feel like, damage it and
    > use your computer as lauch base to infect other Windows boxes?
    > You mean that to use this exploit (promptly fixed by the opensource
    > community) you first need to find a way to get control of an user account?
    > Not like in Windows when all you have to do to get infected is read an
    > email or visit a website?
    >
    > LOL
    >
    > Bye,
    > Luca
    >


    Look, it's still a vulnerability though isn't it? Hell, if someone gets
    hold of some dumbass who runs the ssh daemon or even telnetd publicaly
    assesible, gets a normal user account, and then exploits this, they have
    root don't they.

  6. Re: Linux kernel vulnerability is behind Debian attack

    On Thu, 11 Dec 2003 08:29:25 +1300, jeremyn wrote:

    > Look, it's still a vulnerability though isn't it? Hell, if someone gets
    > hold of some dumbass who runs the ssh daemon or even telnetd publicaly
    > assesible, gets a normal user account, and then exploits this, they have
    > root don't they.


    Telnet? Who uses telnet anymore? Oh yeah... it is one of the *new*
    features added to Windows 2k... i forgot... funny how when M$ added this
    "feature" to their Windows boxes Linux distros disabled it by default
    because too unsafe and suggested to everyone to use ssh instead.
    Ssh? How would you decript the flow of data in ssh? You need to decrypt it
    to get username and password, don't you?
    And if you are dumb enough to let ppl read your password while you type it
    then you deserve what you get.
    Beside this... you need to be very unlucky because the person who reads
    your username/password (in a way or another) has to be a very good cracker
    to:
    1) know about this bug
    2) know how to _use_ this bug [the hard part]

    While... on Windows boxes... nothing like this is required to build a very
    nasty virus that takes control of Windows boxes and uses them to go infect
    other Windows boxes. There is no need of being a "good cracker" to build a
    Windows' virus or trojans.

    So, as you see, the bug found in the Linux Kernel (and fixed even before
    that this case became public) is not even close to the ****load of
    security problems that Windows has and will have for the years to come.

    Bye,
    Luca

    P.S.: After one year of using Linux on my home computers i _STILL_ have to
    have a problem with viruses, trojans and so on... all this without having
    an antivirus installed. While my brother who uses Win2k had to deal with
    all the recent infections and now his computer reboots randomly and
    without a reason.

    --
    Linux registered user #291568 (http://counter.li.org/)
    Electronic Frontier Foundation Member (http://www.eff.org/)
    Mandrake Club Member (http://www.mandrakeclub.com/)


  7. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 23:28:42 +1300, jeremyn
    wrote:

    >Look, at least you heard it existed, right?


    Yeah, you linux idiots kept on trying to hide such things, welcome to
    the real world.


    >Patch follows. GPL licensed, etc.


    You have Linux looney advocates that claim that they don't need patches
    or they don't exist on Linux.

    ROFLMAO!!!


  8. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 11:17:17 GMT, Rick wrote:

    >On Wed, 10 Dec 2003 06:32:31 +0000, bogu wrote:
    >
    >> http://www.infoworld.com/article/03/...xkernel_1.html
    >>
    >> ROLFMAO!!!!
    >>
    >> This is the socalled linux secure kernel.

    >
    >"The vulnerability can only be exploited by someone who has already been
    >given a user account on the Linux machine,"
    >
    >'nuff said.


    Yep, really.

    Nothing more pathetic than being hacked by a trusted used.

    ROFLMAO!!!


  9. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 14:03:00 +0100, "Luca" wrote:

    >On Wed, 10 Dec 2003 11:17:17 +0000, Rick wrote:
    >
    >> "The vulnerability can only be exploited by someone who has already been
    >> given a user account on the Linux machine,"

    >
    >You mean that it doesn't happen like in Windows


    No.

    Now shut the **** up, pizza bitch.


  10. Re: Linux kernel vulnerability is behind Debian attack

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ["Followup-To:" header set to comp.os.linux.advocacy.]
    On Thu, 11 Dec 2003 08:29:25 +1300,
    jeremyn wrote:
    > Luca wrote:
    >
    >> On Wed, 10 Dec 2003 11:17:17 +0000, Rick wrote:
    >>
    >>
    >>>"The vulnerability can only be exploited by someone who has already been
    >>>given a user account on the Linux machine,"

    >>
    >>
    >> You mean that it doesn't happen like in Windows where viruses (like
    >> CodeRed) can enter inside your box whenever they feel like, damage it
    >> and use your computer as lauch base to infect other Windows boxes?
    >> You mean that to use this exploit (promptly fixed by the opensource
    >> community) you first need to find a way to get control of an user
    >> account? Not like in Windows when all you have to do to get infected
    >> is read an email or visit a website?
    >>
    >> LOL
    >>
    >> Bye, Luca
    >>

    >
    > Look, it's still a vulnerability though isn't it? Hell, if someone
    > gets hold of some dumbass who runs the ssh daemon or even telnetd
    > publicaly assesible, gets a normal user account, and then exploits
    > this, they have root don't they.



    Yes, it's a vulnerability, and a rather bad one, patch it. Problem
    solved.


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/14Wod90bcYOAWPYRAt7hAKDQVFIQZVWvtyXezKG0sKGYXE8ORQ Cfayze
    cgKWFGCr1fDpF5zOQmm5X6c=
    =D6ez
    -----END PGP SIGNATURE-----

    --
    Jim Richardson http://www.eskimo.com/~warlock
    Gravity is unforgiving.

  11. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 20:06:13 +0000, restart wrote:

    > On Wed, 10 Dec 2003 23:28:42 +1300, jeremyn
    > wrote:
    >
    >>Look, at least you heard it existed, right?

    >
    > Yeah, you linux idiots kept on trying to hide such things, welcome to
    > the real world.
    >
    >
    >>Patch follows. GPL licensed, etc.

    >
    > You have Linux looney advocates that claim that they don't need patches
    > or they don't exist on Linux.


    Umm... I don't recall hearing _any_ Linux advocate suggest that updates,
    patches and fixes aren't a normal part of day-to-day operations, except in
    very limited cases (eg an internal server may not need umpteen security
    updates, if the only people who have acceess to it are trusted.)

    The bone of contention with Windows patches isn't even that there are so
    many of them. Rather, it's threefold: a) they don't actually fix many of
    the known, existing issues, b) they have been known to actually cause
    bigger problems than they solve, and c) they generally require rebooting
    the system - which does nobody any good on a server.



  12. Re: Linux kernel vulnerability is behind Debian attack

    On Thu, 11 Dec 2003 08:29:25 +1300, jeremyn wrote:

    > Luca wrote:
    >
    >> On Wed, 10 Dec 2003 11:17:17 +0000, Rick wrote:
    >>
    >>
    >>>"The vulnerability can only be exploited by someone who has already been
    >>>given a user account on the Linux machine,"

    >>
    >>
    >> You mean that it doesn't happen like in Windows where viruses (like
    >> CodeRed) can enter inside your box whenever they feel like, damage it and
    >> use your computer as lauch base to infect other Windows boxes?
    >> You mean that to use this exploit (promptly fixed by the opensource
    >> community) you first need to find a way to get control of an user account?
    >> Not like in Windows when all you have to do to get infected is read an
    >> email or visit a website?
    >>
    >> LOL
    >>
    >> Bye,
    >> Luca
    >>

    >
    > Look, it's still a vulnerability though isn't it? Hell, if someone gets
    > hold of some dumbass who runs the ssh daemon or even telnetd publicaly
    > assesible, gets a normal user account, and then exploits this, they have
    > root don't they.


    Gee.. anyone sitting down in front of you computer can do some fairly
    damaging things too.
    --
    Rick


  13. Re: Linux kernel vulnerability is behind Debian attack

    On Wed, 10 Dec 2003 20:07:43 GMT, go@****.yourself wrote:

    >(snip)


    *plonk*


+ Reply to Thread