Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Linux

Linux

Linux Kernel Vulnerability in Ubuntu 8.10. Update Today.

Buffer overflow bug in NDISwrapper

By Marius Nestor, Linux Editor

10th of November 2008, 12:12 GMT

Adjust text size:


Ubuntu 8.10
Enlarge picture
A few days after the Linux kernel regression announced by the Ubuntu developers on October 30th, they discovered two nasty problems in the Linux kernel packages of Ubuntu 8.10, that could "help" an attacker execute malicious code as root (system administrator), or caused DoS (Denial of Service) attacks to hang or crash a vulnerable system. Even if this regression, found in the Ubuntu 8.10 Linux kernel packages, was discovered on November 5th, we wanted to inform and encourage users of the Ubuntu 8.10 (Intrepid Ibex) operating system to update their systems as soon as possible.

The first vulnerability was found by the Ubuntu developers, and it could lead to temporarily system hangs when the user tried to mount a "corrupted" ext2 or ext3 filesystem. "If a user were tricked into mounting a specially crafted filesystem, a remote attacker could cause system hangs, leading to a denial of service." - said the Ubuntu developers.

The second vulnerability was reported by Anders Kaseorg, who discovered that the NDISwrapper package, a tool to load Windows drivers for wireless network cards, couldn't process long ESSIDs (Extended Service Set Identifier), leading to system crashes. For example, an attacker could generate malformed wireless network traffic to crash a vulnerable system by executing arbitrary code, as root (system administrator).

These Linux kernel vulnerabilities can be fixed if you update your system to the following specific packages:

linux-image-2.6.27-7-generic 2.6.27-7.16
linux-image-2.6.27-7-server 2.6.27-7.16
linux-image-2.6.27-7-virtual 2.6.27-7.16

Don't forget to reboot your computer after this update!

About Ubuntu:

Ubuntu (an African word meaning “Humanity to others”) is the ultimate operating system, developed by an entire open source community. Ubuntu is perfect for laptops, desktops and servers. It includes all the software you will need, from web browser, e-mail client and word processing, to games, programming tools and web server software. Ubuntu OS can be used at home, in a business environment, in public schools, hospitals, etc. The best part of all this is that Ubuntu is, and will always be, free of charge.

Get the latest version of Ubuntu right now from Softpedia. Don't forget to share it with your friends and family.

TAGS:

 Ubuntu kernel vulnerability | Linux kernel regression | NDISwrapper bug | Ubuntu Linux | Intrepid Ibex
Read by 5,591 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Excellent (5.0/5) 3 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Linux Kernel Regression in Ubuntu 8.10. Upgrade Now.

Installing Ubuntu 8.10

Ubuntu 9.04 Release Schedule

Ubuntu 8.10 Released

How to Install OpenOffice.org 3.0 on Ubuntu 8.10

Ubuntu 8.10 Free CDs: Orders Are Taken Now

How Ubuntu Server Edition Is Used

Ubuntu 7.04 No Longer Supported

User opinions:


Comment #1 by: Lee on 11 Nov 2008, 02:41 GMT reply to this comment

I am impressed with the amount of time it took (or rather, didn't) to find this vulnerability. If this were Windows, this probably would have went unseen for much longer, allowing for more attacks. Congrats, team!


Comment #2 by: Nemes Sorin on 14 Nov 2008, 20:53 GMT reply to this comment

Yep, after 8.10 launch I can say now Ubuntu is faster than XP ( tested in many configurations with my friends [ flash player 10 rock.. ].

Right now I am using a Vodafone 3G usb card to connect to Internet - which work out of the box, unlike under XP. In fact for a clean Ubuntu install you can have a better hardware compatibility now than with XP ( and yes I talk about drivers here ).

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive