Re: Remote buffer overflow bug in kernel
Antonio Olivares wrote:

> Only users which run ndiswrapper on Fedora systems should be concerned.

They should be concerned anyway. The ndiswrapper code does not play nicely with 4k kernel mode stacks which have been the standard on Fedora kernels for years now. Windows NDIS drivers expect to have up to 12k of stack available to them and anyone who crowbars ndiswrapper into a standard Fedora kernel is asking for it to randomly blow up in their face.

Regards,
Bryn.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Remote buffer overflow bug in kernel
Antonio Olivares writes:

> Dear all,
>
> There has been a bug in the kernel with a buffer overflow in kernel,
>
> > A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
> >
> > The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
>
> More at http://blogs.zdnet.com/security/?p=2121
>
> Q: Will we see an updated kernel soon that addresses this issue? Is it a real bug or just on Gentoo?

RTFA:

• Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

If you're using ndiswrapper for a wireless card, you're boned. Just consider it as yet another cost of bending over to accommodate non-free binary blob device drivers, instead of giving your business to Linux-friendly hardware manufacturers which actively support the free software community.

This is not a kernel bug, this is a bug in ndiswrapper, so there won't be any kernel updates for Fedora. The fix will have to be in ndiswrapper, which is not part of Fedora proper.
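The replies in this thread agree that only hosts running ndiswrapper are exposed. As an added example (not part of any message in the thread), this shell function reports whether the module is loaded, only installed on disk, or absent; the function name, the optional path arguments and the sample module list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is ndiswrapper loaded, installed but not loaded, or absent?
# Both arguments are optional and default to the live system:
#   $1  module list in /proc/modules format
#   $2  root of the kernel module tree
ndiswrapper_status() {
    modules_file=${1:-/proc/modules}
    module_root=${2:-/lib/modules}

    # In /proc/modules the module name is the first field; matching only that
    # field avoids hits on the "used by" column of other modules.
    if [ -r "$modules_file" ] &&
       awk '$1 == "ndiswrapper" { found = 1 } END { exit !found }' "$modules_file"
    then
        echo loaded
        return 0
    fi

    # Not loaded now, but a module file on disk can still be loaded later.
    if [ -d "$module_root" ] &&
       find "$module_root" -type f -name 'ndiswrapper.ko*' 2>/dev/null | grep -q .
    then
        echo installed
        return 0
    fi

    echo absent
}

# Constructed /proc/modules excerpt (sizes and addresses are made up).
sample=$(mktemp)
printf '%s\n' \
    'ndiswrapper 192120 0 - Live 0xf8c5d000' \
    'usbcore 123122 2 ndiswrapper,ehci_hcd, Live 0xf8837000' > "$sample"
echo "sample:      $(ndiswrapper_status "$sample" /nonexistent)"
echo "this system: $(ndiswrapper_status)"
rm -f "$sample"
```

A result of `loaded` marks a host that is running the module the thread discusses; `installed` marks one where it is present on disk and could still be loaded.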
Re: Remote buffer overflow bug in kernel
--- On Wed, 11/5/08, Alan Cox <[EMAIL PROTECTED]> wrote:

> From: Alan Cox <[EMAIL PROTECTED]>
> Subject: Re: Remote buffer overflow bug in kernel
> To: [EMAIL PROTECTED], "Community assistance, encouragement, and advice for using Fedora."
> Cc: [EMAIL PROTECTED]
> Date: Wednesday, November 5, 2008, 3:09 PM
>
> On Wed, 5 Nov 2008 14:01:03 -0800 (PST)
> Antonio Olivares <[EMAIL PROTECTED]> wrote:
>
> > Dear all,
> >
> > There has been a bug in the kernel with a buffer overflow in kernel,
>
> No there has not, it's just the usual standard of "journalism" on the net.
>
> > Is it a real bug or just on Gentoo?
>
> Some random out of kernel third party code has a bug (ndiswrapper). If you use it you need to ask said third party vendor for advice.
>
> Alan

True! Sorry for hitting send too quickly :(

I did not read enough to find out that it is only systems with ndiswrapper, which is not part of official Fedora kernels. I am sorry for causing trouble. I apologize to all. Only users which run ndiswrapper on Fedora systems should be concerned.

Regards,

Antonio
Re: Remote buffer overflow bug in kernel
--- On Wed, 11/5/08, Mike Cronenworth <[EMAIL PROTECTED]> wrote:

> From: Mike Cronenworth <[EMAIL PROTECTED]>
> Subject: Re: Remote buffer overflow bug in kernel
> To: [EMAIL PROTECTED], "Community assistance, encouragement, and advice for using Fedora."
> Date: Wednesday, November 5, 2008, 2:20 PM
>
> ---- Original Message --------
> Subject: Remote buffer overflow bug in kernel
> From: Antonio Olivares <[EMAIL PROTECTED]>
> To: fedora-list@redhat.com
> Date: 11/05/2008 04:01 PM
>
> > Dear all,
> >
> > There has been a bug in the kernel with a buffer overflow in kernel,
>
> The bug report[1] states that it is an ndiswrapper issue. Fedora AFAIK does not support ndiswrapper as it is a kernel module that is not upstream. Fedora shouldn't have anything to worry about.
>
> If you use ndiswrapper, you should check upstream or see if Gentoo has already done so, which I bet they have.
>
> [1] http://bugs.gentoo.org/show_bug.cgi?id=239371

I overlooked that part. Sorry for clicking send too quickly. It is only with ndiswrapper and Fedora does not ship it by default. Only users that run it should worry about this and/or disable wireless.

Regards,

Antonio
Re: Remote buffer overflow bug in kernel
On Wed, 5 Nov 2008 14:01:03 -0800 (PST)
Antonio Olivares <[EMAIL PROTECTED]> wrote:

> Dear all,
>
> There has been a bug in the kernel with a buffer overflow in kernel,

No there has not, it's just the usual standard of "journalism" on the net.

> Is it a real bug or just on Gentoo?

Some random out of kernel third party code has a bug (ndiswrapper). If you use it you need to ask said third party vendor for advice.

Alan
Re: Remote buffer overflow bug in kernel
---- Original Message --------
Subject: Remote buffer overflow bug in kernel
From: Antonio Olivares <[EMAIL PROTECTED]>
To: fedora-list@redhat.com
Date: 11/05/2008 04:01 PM

> Dear all,
>
> There has been a bug in the kernel with a buffer overflow in kernel,

The bug report[1] states that it is an ndiswrapper issue. Fedora AFAIK does not support ndiswrapper as it is a kernel module that is not upstream. Fedora shouldn't have anything to worry about.

If you use ndiswrapper, you should check upstream or see if Gentoo has already done so, which I bet they have.

[1] http://bugs.gentoo.org/show_bug.cgi?id=239371
Remote buffer overflow bug in kernel
Dear all,

There has been a bug in the kernel with a buffer overflow in kernel,

> A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
>
> The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.

More at http://blogs.zdnet.com/security/?p=2121

Q: Will we see an updated kernel soon that addresses this issue? Is it a real bug or just on Gentoo?

Thanks,

Antonio