Flaw pops up in Linux kernel
Takeaway: A flaw in the operating system's core component could be used to make systems crash. But there are fixes.
Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!By
Robert Lemos
CNET News.com
Linux users have been urged to fix a flaw in the core component of the open-source operating system, following the public release of code that could be used to crash Linux systems.
The flaw, found by two software programmers, could give a user with access to a Linux system the ability to crash the system using two dozen lines of code written in the C programming language, said
"Assume your kernel is (vulnerable) unless you have good reason to believe it is safe," Oyvind Saether, one of the discoverers of the flaw, said in the advisory.
The program, dubbed "evil.c," causes problems with the code sent to the floating-point unit, the part of the processor that handles noninteger calculations, according to a note in a source code patch published by Linux founder Linus Torvalds.
The open-source Linux operating system has fallen prey to its share of flaws and attacks this year. Several flaws were
Researchers also found flaws in the OpenSSL software used by many Linux distributions to enable secure Internet communications.
On Monday, staffers associated with Red Hat's community-based distribution, Fedora, released an update to Fedora Core 2, to fix the latest problem. The kernel patch has also been included in the latest release candidate of the Linux kernel, 2.6.7-RC3, which is expected to be released soon.
Other distributions of Linux should be fixed this week as well.
Andrew Morton, the maintainer of the Linux 2.6 kernel, promised a fix within 48 hours and said the flaw was not very serious.
"Bugs wherein local users can lock the machine up are not uncommon, and local users have always been able to bring a machine to its knees anyway--say, by using up all the memory," he said.
Morton said the discoverers of the flaw didn't give the kernel team any notice before releasing the code to take advantage of the problem--a no-no in the security community.
Print/View all Posts Comments on this article
Not Ethically Justifiable
Larry.Barnhill@... | 06/16/04
|
 
Seems to lean dark
chameleon186@... | 06/22/04
|
|
"Never attribute to malice..."
gg5653@... | 06/22/04
|
White Papers, Webcasts, and Downloads
- Five Steps to Determine When to Virtualize YourServers VMware Thinking of virtualizing the servers at your company? Use this step-by-step guide to determine when's the best time to make your big move. Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Ever wonder why your company isn't saving more from its server virtualization? Making a few small changes could dramatically increase your efficiency. Download Now
- Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
- The True Costs of Virtual Server Solutions VMware Discover ways to streamline and simplify your assessment of the total acquisition costs of a server virtualization environment. Download Now
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the high cost of maintaining or building ever-larger data centers? Get the facts you need to formulate your Virtualization Action Plan. Download Now
Article Categories
- Security
- Security Solutions, IT Locksmith
- Networking and Communications
- E-mail Administration NetNote, Cisco Routers and Switches
- CIO and IT Management
- Project Management, CIO Issues, Strategies that Scale
- Desktops, Laptops & OS
- Windows 2000 Professional, Microsoft Word, Microsoft Excel, Microsoft Access, Windows XP,
- Data Management
- Oracle, SQL Server
- Servers
- Windows NT, Linux NetNote, Windows Server 2003
- Career Development
- Geek Trivia
- Software/Web Development
- Web Development Zone, Visual Basic, .NET
