Linux devs exterminate security bugs from kernel
Ping of death killed again
Developers have exterminated two bugs from the Linux kernel that threatened the security of people using the open-source operating system.
The most serious of the two is remote denial-of-service vulnerability that made it possible for attackers to crash systems by sending them oversized packets. The underlying null pointer dereference flaw in the Linux kernel's IPv4 defragmentation process is "basically the ping of death from the 90s, reintroduced by some code-refactoring," Linux security guru Brad Spengler of grsecurity, told The Register.
The second bug could be used by unprivileged local users to gain root access over vulnerable boxes. The vulnerability stems from a flaw in the Ext4 file system. It can be exploited by users by overwriting arbitrary files.
The bugs, which appear to be patched in version 2.6.32 of the Linux kernel, were disclosed by David Ford and Akira Fujita. They are discussed on the official Linux website here and here. Linux distributor Ubuntu discusses them here and Red Hat has a discussion of them here and here. ®