Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Flaw weakens Linux computers

  1. #1
    Mentor
    Join Date
    Jun 2001
    Posts
    1,672

    Flaw weakens Linux computers

    A flaw in a software-compression library used in all versions of Linux could leave the lion's share of systems based on the open-source operating system open to attack, said sources in the security community on Monday.

    http://zdnet.com.com/2100-1104-857031.html

  2. #2

    Re: Flaw weakens Linux computers

    Damn it. Thats pretty serious.

  3. #3

    Re: Flaw weakens Linux computers

    zlib has been patched allready. Please update ASAP with your favorite binary package manager OR get the latest source from zlib and remove traces of the old install.

  4. #4
    Mentor coltrane's Avatar
    Join Date
    May 2001
    Location
    North Carolina
    Posts
    1,390

    Re: Flaw weakens Linux computers

    that was fast

  5. #5

    Re: Flaw weakens Linux computers

    Welcome to the world of open source, friend

    --edit--

    Hmmmm, read the talkbacks on that article, it's major FUD.

    First of all, this exploit affects every OS using zlib, not just linux. Yes, that includes windows.

    Secondly, even if this is any kind of major exploit, worst case scenario for a linux user is that you lose your personal files: unless you ran the exploit code as root, your system is unharmed. In windows everybody is root and the exploit would be much, much more catastrophic.

    Thirdly, even if this is a major exploit, the fix was released the same day the exploit was discovered. There is an exploit for IE5.5 that allows any HTML file to run any arbitrary code even when scripting is disabled and security settings are maxed out in the browser. It has been weeks, if not months, and MS hasn't even acknowledged that the exploit exists.

    Chalk another victory up for Open Source, boys.

  6. #6

    Re: Flaw weakens Linux computers


    Welcome to the world of open source, friend

    --edit--

    Hmmmm, read the talkbacks on that article, it's major FUD.

    First of all, this exploit affects every OS using zlib, not just linux. Yes, that includes windows.
    Not really. It affects all GNU-based OSes. It has to do with the way glibc handles malloc(), not something in zlib specifically. glibc does not do well when memory if free()'ed more than once, and that's the source of the problem. It should be noted that glibc does have a way of dealing with this problem, but it is a little obscure, and the gcc dev. team does say that it's not very efficient.
    Secondly, even if this is any kind of major exploit, worst case scenario for a linux user is that you lose your personal files: unless you ran the exploit code as root, your system is unharmed. In windows everybody is root and the exploit would be much, much more catastrophic.
    This exploit is not exactly the easiest exploit in the world. Far from it. The exploit mentioned is actually very difficult to take advantage of, but if it was, it could be serious.

  7. #7

    Re: Flaw weakens Linux computers

    Correct, OpenBSD was not vulnurable to the attack.

  8. #8
    Guest

    Re: Flaw weakens Linux computers

    Thank god for source access and peer review.

    at any time
    Linux > Windows

  9. #9

    Re: Flaw weakens Linux computers

    Feztaa-- You included a link to my site in your post! Howd you find my site? Just curious because it was so weird I just put the site up 2 days ago and theres a link to it! It was pretty cool, thanks

  10. #10

    Re: Flaw weakens Linux computers


    Feztaa-- You included a link to my site in your post! Howd you find my site? Just curious because it was so weird I just put the site up 2 days ago and theres a link to it! It was pretty cool, thanks
    cloverm found it very quickly, there's a thank you in member to member for the link to LJR.

    if this affects windows as well would anyone like to start a sweepstake on when they fix it?

Similar Threads

  1. Replies: 0
    Last Post: 01-10-2006, 02:44 PM
  2. Linux users warned over Firefox flaw
    By trickster in forum Linux - Software, Applications & Programming
    Replies: 3
    Last Post: 09-25-2005, 12:49 AM
  3. I discovered another IE flaw
    By cloverm in forum Windows - General Topics
    Replies: 7
    Last Post: 02-14-2004, 04:05 AM
  4. Linux flaw opens door in firewalls
    By cloverm in forum General Chat
    Replies: 0
    Last Post: 03-01-2002, 12:24 PM
  5. Linux servers at risk from 'serious' flaw
    By cloverm in forum Linux - Software, Applications & Programming
    Replies: 4
    Last Post: 12-02-2001, 01:29 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •