You are here: silicon.com > Management > IT Pro

IT Pro

Linux flaw exposes crash code threat

Open (to abuse) source...

By Robert Lemos

Published: 17 June 2004 08:55 GMT

Linux users have been urged to fix a flaw in the core component of the open-source operating system, following the public release of code that could be used to crash Linux systems.

The flaw, found by two software programmers, could give a user with access to a Linux system the ability to crash the system using two dozen lines of code written in the C programming language, said an advisory posted over the weekend on linuxreviews.

"Assume your kernel is [vulnerable] unless you have good reason to believe it is safe," Oyvind Saether, one of the discoverers of the flaw, said in the advisory.

The program, dubbed "evil.c", causes problems with the code sent to the floating-point unit, the part of the processor that handles noninteger calculations, according to a note in a source code patch published by Linux founder Linus Torvalds.

The open-source Linux operating system has fallen prey to its share of flaws and attacks this year. Several flaws were found in the Concurrent Versions System, CVS, a commonly used application for managing open-source code under development. In March and April, online attackers targeted Linux and Solaris systems at many academic high-performance computing centres.

Researchers also found flaws in the OpenSSL software used by many Linux distributions to enable secure Internet communications.

On Monday, staffers associated with Red Hat's community-based distribution, Fedora, released an update to Fedora Core 2, to fix the latest problem. The kernel patch has also been included in the latest release candidate of the Linux kernel, 2.6.7-RC3, which is expected to be released soon.

Other distributions of Linux should be fixed this week as well.

Robert Lemos writes for News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

  • Jobs
Linux Kernel Engineer Needed - 45,000 - South West

The role will require specific experience working at the Kernel level of the operating system, along with C or C++ coding. Key Skills: C/C++ Embedded ...

Business Systems Platform Support Engineer

Key accountabilities To manage the provision of Linux operating system to support the Business System community To provide technical support to the ...

Java Developer

You will be responsible for bug and patch fixing of core products as well as development of new products. (Java, J2SE, Developer, Open Source, Perl, ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: