Linux Kernel Compromise "Was Not Debian Specific." | Virtualization Journal

Search

Virtualization Authors: Jason Bloomberg, Pat Romanski, Dana Gardner, Liz McMillan, Maureen O'Gara

Related Topics: Linux

Linux: Article

Linux Kernel Compromise "Was Not Debian Specific."

Linux Kernel Compromise "Was Not Debian Specific."

By Linux News Desk	Article Rating:
December 1, 2003 12:00 AM EST	Reads:	19,146

Related
Print
Email
Feedback
Add This
Blog This

In a "Debian Security Advisory" dated today, the Debian Project's security team states:

CIO, CTO & Developer Resources

Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the Red Hat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.

This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and 2.6.0-test6 kernel tree. For Debian it has been fixed in version 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images.

The advisory then gives full upgrade instructions.

Published December 1, 2003 – Reads 19,146
Copyright © 2003 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

Related
Print
Email
Feedback
Add This
Blog This

More Stories By Linux News Desk

SYS-CON's Linux News Desk gathers stories, analysis, and information from around the Linux world and synthesizes them into an easy to digest format for IT/IS managers and other business decision-makers.

Comments (0)

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Related Stories

Sybase Reports All-Time Best Ever Quarter and Year

Comments

Big Data – A Sea Change of Capabilities in IT

By Pat Romanski

Matt McLarty wrote: For more info... Follow me on Twitter See our website

May. 2, 2012 03:40 PM EDT

read more & respond »

Expo News

Cloud Expo Speaker Profile: James Weir

By Jeremy Geelan

10th Cloud Expo: Leading CxOs to Present

By Jeremy Geelan

Cloud Expo Speaker Profile: Greg O'Connor

By Jeremy Geelan

IBM Introduces Expert Integration Systems

By Elizabeth White

A–Z of Cloud Computing & Big Data

By Jeremy Geelan

The European Cloud Partnership

By Jeremy Geelan

Cloud Expo & Virtualization 2011 West

Keynotes

Opening Keynote | An Enterprise Cloud for Business-Critical Applications

Day 2 Keynote | The Enterprise Cloud Tightrope - Balancing for Success

Day 3 Keynote | The DNA of an Enterprise Cloud

DIAMOND SPONSOR:

Many Clouds, Many Choices'Cloud

PLATINUM PLUS SPONSORS:

Enterprise Cloud Best Practices - Town Hall - Join the discussion…

PLATINUM SPONSORS:

Progressing Toward the Federated, Automated and Client-Aware Cloud

How to build an app with Twitter-like throughput

Computing in the Cloud Era

GOLD SPONSORS:

Gale Technologies

Practical Cloud Migration

Re-think IT. Re-inventing Business.

Identity Driven Security in the Cloud

Hackers Hackers Everywhere, Is My Public Cloud That Safe?

Unlock the Value of the Cloud

Mission Critical Applications and the Cloud - Myth or Reality?

Not Your Grandpa's Cloud

Integrating Enterprise Clouds

Upgrade to a vCloud

POWER PANELS:

Cloud Expo Silicon Valley: CTO Power Panel

Cloud Expo Silicon Valley: CEO Power Panel

Cloud Expo Silicon Valley: Cloud SuperStars Panel

Cloud Expo Silicon Valley: CloudNOW Panel

Click For 2010 West
Event Webcasts

Cloud Expo & Virtualization 2011 East

DIAMOND SPONSOR:

Dell & VMware Deliver the Enterprise Hybrid Cloud

PLATINUM PLUS SPONSORS:

Are Financial Services Organizations Risking Security by Avoiding Cloud Computing?

From Consolidation to Enterprise Private PaaS

PLATINUM SPONSORS:

Driving the Transformation to Next Generation Cloud Data Centers

The Inevitability of an Open Cloud

GOLD SPONSORS:

CA Technologies

Follow YOUR path to Cloud Computing

Who Keeps the Cloud in the Air?

Patterns for Cloud Computing

War in the Clouds: Are you ready?

The Big Win: Stop Playing Small-Ball with Your Cloud Strategy

Evaluating Enterprise Clouds

Cloud Storage: Myths and Realities

POWER PANELS:

Cloud Expo New York: CTO Power Panel

Cloud Expo New York: CEO Power Panel

Cloud Expo New York: CMO Power Panel

Cloud Expo New York: Wrap-Up Power Panel

Click For 2010 West
Event Webcasts

Topics

From the Blogosphere

Industry News Desk

Infrastructure 2.0

Virtualization & Government IT

Virtualization Conference & Expo News Desk

Virtualization Editorial

Is Your Business 100% Ready for the New Era of Cloud Computing and Big Data?
The Only Enterprise IT Event in 2012 Covering the Entire Scope of both Cloud & Big Data

Come to New York and get yourself up to date with the Big Data revolution! As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the Cloud Computing boom, Cloud Expo is the single most effective event for you to learn how to use you own enterprise data – processed in the Cloud – most effectively to drive value for your business.

There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Get a jump on that rapidly evolving trend at Big Data Expo, which we are introducing in June at Cloud Expo New York.

Cloud Expo was announced on February 24, 2007, the day the term "cloud computing" was coined. That same year, the first Cloud Expo took place in New York City with 450 delegates. Next June, Cloud Expo is returning to New York with more than 10,000 delegates and over 600 sponsors and exhibitors.

"Cloud" has become synonymous with "computing" and "software" in two short years. Cloud Expo is the new PC Expo, Comdex, and InternetWorld of our decade. By 2012, more than 50,000 delegates per year will participate in Cloud Expo worldwide.

The cloud is certainly a compelling alternative to running all applications within a traditional corporate data center. But moving from theory into practice is where things get complicated, and this is where attending a top industry event like Cloud Expo comes in.

No one can take full advantage of cloud computing without first becoming familiar with the latest issues and trends, which is why the organizing principle of the 10th International Cloud Conference & Expo on June 11-14, 2012 - is to ensure - through an intensive four-day schedule of keynotes, general and breakout sessions, and our bustling Expo Floor - that attending delegates leave the Javits Center with abundant resources, ideas and examples they can apply immediately to leveraging the Cloud, helping them to maximize performance, minimize cost and improve the scalability of their Enterprise IT endeavors.

Delegates will leave Cloud Expo with dramatically increased understanding the entire scope of the entire cloud computing spectrum from storage to security.

Whether you're an enterprise or small to medium business, you'll soon be benefiting from the Cloud. Join your peers in New York City June 11-14, and maximize those benefits already in 2012. See you in New York City!

Register Now!
Save $500 on your “Golden Pass”! Call 201.802.3020
or click here to Register
Early Bird Expires Friday.

Speaker Opportunities
Submit your speaking proposal for the upcoming Cloud Expo in New York City
[June 11-14, 2012]

Exhibitor Info
Please Call 201.802.3021
events (at) sys-con.com.
Carmen Gonzalez,
carmen (at) sys-con.com.

Produced and presented by Cloud Expo, Inc.

close this window