Buffer overflow bug in NDISwrapper

Nov 10, 2008 12:12 GMT

A few days after the Linux kernel regression announced by the Ubuntu developers on October 30th, they discovered two nasty problems in the Linux kernel packages of Ubuntu 8.10 that could allow an attacker to execute malicious code as root (system administrator), or to carry out DoS (Denial of Service) attacks that hang or crash a vulnerable system. Even though this regression, found in the Ubuntu 8.10 Linux kernel packages, was discovered on November 5th, we want to inform and encourage users of the Ubuntu 8.10 (Intrepid Ibex) operating system to update their systems as soon as possible.

The first vulnerability was found by the Ubuntu developers, and it could lead to temporary system hangs when the user tried to mount a "corrupted" ext2 or ext3 filesystem. "If a user were tricked into mounting a specially crafted filesystem, a remote attacker could cause system hangs, leading to a denial of service," said the Ubuntu developers.

The second vulnerability was reported by Anders Kaseorg, who discovered that the NDISwrapper package, a tool to load Windows drivers for wireless network cards, couldn't process long ESSIDs (Extended Service Set Identifiers), leading to system crashes. For example, an attacker could generate malformed wireless network traffic to crash a vulnerable system or execute arbitrary code as root (system administrator).
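To illustrate the bug class described above, here is an added example (not NDISwrapper's code and not part of the original article) of a bounds-checked ESSID copy out of a frame's information elements. The struct, the function names and the sample input are hypothetical; the 32-octet limit and the SSID element ID 0 come from IEEE 802.11.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ESSID_MAX_LEN 32   /* IEEE 802.11 caps an SSID at 32 octets */
#define IE_SSID       0    /* element ID of the SSID information element */
struct essid_record {      /* hypothetical per-network record */
    size_t len;
    char   name[ESSID_MAX_LEN + 1];   /* +1 for the terminating NUL */
};

/* Walk the ID/length/value elements of a frame body and copy the SSID.
 * The length octet can claim up to 255 bytes, so it is checked against
 * the bytes received and the buffer. 0 = copied, 1 = no SSID, -1 = bad. */
int essid_from_elements(const uint8_t *ies, size_t ies_len,
                        struct essid_record *rec)
{
    size_t off = 0;
    if (ies == NULL || rec == NULL)
        return -1;
    while (ies_len - off >= 2) {
        uint8_t id  = ies[off];
        size_t  len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)
            return -1;                 /* value runs past the frame */
        if (id == IE_SSID) {
            if (len > ESSID_MAX_LEN)
                return -1;             /* would overflow rec->name */
            memcpy(rec->name, ies + off, len);
            rec->name[len] = '\0';
            rec->len = len;
            return 0;
        }
        off += len;
    }
    return off == ies_len ? 1 : -1;    /* a stray trailing byte is malformed */
}

/* Constructed input: one SSID element that claims `claimed` bytes while
 * only `present` bytes of 'A' follow. Returns the parser's result. */
int demo_parse(uint8_t claimed, uint8_t present)
{
    uint8_t frame[2 + 255] = { IE_SSID, claimed };
    struct essid_record rec = { 0 };
    memset(frame + 2, 'A', present);
    return essid_from_elements(frame, 2 + (size_t)present, &rec);
}

int main(void) { return demo_parse(11, 11) == 0 ? 0 : 1; }
```

Without the `len > ESSID_MAX_LEN` test, the same `memcpy` would write up to 255 attacker-supplied bytes into a 33-byte buffer, which is the kind of overflow a long ESSID can trigger.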

These Linux kernel vulnerabilities are fixed by updating your system to the following package versions:

linux-image-2.6.27-7-generic 2.6.27-7.16
linux-image-2.6.27-7-server 2.6.27-7.16
linux-image-2.6.27-7-virtual 2.6.27-7.16

Don't forget to reboot your computer after this update!

About Ubuntu:

Ubuntu (an African word meaning “Humanity to others”) is the ultimate operating system, developed by an entire open source community. Ubuntu is perfect for laptops, desktops and servers. It includes all the software you will need, from web browser, e-mail client and word processing, to games, programming tools and web server software. Ubuntu OS can be used at home, in a business environment, in public schools, hospitals, etc. The best part of all this is that Ubuntu is, and will always be, free of charge.
