ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

Rogue code can take down Linux systems

Published: 16 Jun 2004 08:55 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Linux users have been urged to fix a flaw in the core component of the open-source operating system, following the public release of code that could be used to crash Linux systems.

The flaw, found by two software programmers, could give a user with access to a Linux system the ability to crash the system using two dozen lines of code written in the C programming language, said an advisory posted over the weekend on linuxreviews.

"Assume your kernel is (vulnerable) unless you have good reason to believe it is safe," Oyvind Saether, one of the discoverers of the flaw, said in the advisory.

The program, dubbed "evil.c," causes problems with the code sent to the floating-point unit, the part of the processor that handles noninteger calculations, according to a note in a source code patch published by Linux founder Linus Torvalds.

The open-source Linux operating system has fallen prey to its share of flaws and attacks this year. Several flaws were found in the Concurrent Versions System, CVS, a commonly used application for managing open-source code under development. In March and April, online attackers targeted Linux and Solaris systems at many academic high-performance computing centres.

Researchers also found flaws in the OpenSSL software used by many Linux distributions to enable secure Internet communications.

On Monday, staffers associated with Red Hat's community-based distribution, Fedora, released an update to Fedora Core 2, to fix the latest problem. The kernel patch has also been included in the latest release candidate of the Linux kernel, 2.6.7-RC3, which is expected to be released soon.

Other distributions of Linux should be fixed this week as well.

Andrew Morton, the maintainer of the Linux 2.6 kernel, promised a fix within 48 hours and said the flaw was not very serious.

"Bugs wherein local users can lock the machine up are not uncommon, and local users have always been able to bring a machine to its knees anyway -- say, by using up all the memory," he said.

Morton said the discoverers of the flaw didn't give the kernel team any notice before releasing the code to take advantage of the problem -- a no-no in the security community.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
45 out of 104 people found this useful



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

PHD COMPUTER / MACHINE VISION - OXFORD

My client is seeking a PhD qualified Software Engineer with degree from a reputable University with specialist skills in the Computer / Machine ...

Equities & FIX Application Support Specialist - Contract

Working knowledge of the FIX protocol (versions 4.0; 4.2 and 4.4). My Client has a requirement for an Equity and Exchange Connectivity Support ...

FIX CONNECTIVITY - LONDON - PERMANENT

FIX Support Engineer with strong client facing skills required for a leading boutique financial software organisation. An in-depth knowledge of FIX ...

Featured Talkback

So if you upgrade to XP SP3 you can't uninstall Internet Explorer, I'm quite sure I'm having a Deja-vu feeling about MS preventing people from uninstalling Internet Explorer in other Windows products.

By: TheKLF99

Read full story:
Upgraders to XP SP3 warned over IE downgrades

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.