Greyhat hackers from Goatse Security have published the details of a dangerous denial of service (DoS) vulnerability affecting many Linux distributions.The flaw can be exploited by tricking users into opening an overly-long, specially-crafted apt:// URL in a browser that supports the protocol.
"This bug is delightfully trivial to deploy. Just write a normal HTML page containing an iframe that takes a 10000 character apt:// URL as its source," the hackers write.
Because the Advanced Packaging Tool (APT) is a common Linux software manager application a large number of distributions are affected.
These includes the popular Debian, Ubuntu, Fedora, Red Hat Enterprise Linux and SUSE Linux Enterprise Desktop, but also Alinex, BLAG Linux and GNU, CentOS, ClearOS, DeMuDi, Feather Linux, Foresight Linux, gnuLinEx. gNewSense, Kaella, Knoppix, Linspire, Linux Mint, Musix, GNU/Linux, Parsix, Scientific Linux and Ututo.
Successful exploitation of the vulnerability crashes the X session with an "Unexpected X error: BadAlloc (insufficient resources for operation) serial 1779 error_code 11 request_code 53 minor_code 0)" error.
In addition to this denial of service vulnerability the Goatse Security greyhats also released an exploit for a theme rendering bug in GNOME which makes buttons disappear and leaves users with relogin as the only option.
Some people might remember Goatse Security as the group whose members exploited a vulnerability on AT&T's website in June 2010 to harvest a list of email addresses belonging to iPad 3G owners.
The list included several high-profile individuals like New York City Mayor Michael Bloomberg, former White House chief of staff Rahm Emanuel and Hollywood producer Harvey Weinstein.
Andrew Auernheimer, 25, of Fayetteville, Arkansas, and Daniel Spitler, 26, of San Francisco, California, were arrested and charged with fraud and conspiracy to access a computer without authorization over the incident.
The hacking group previously disclosed serious zero-day vulnerabilities in Apple's Safari and Mozilla Firefox browsers which were later exploited in the wild.