October 27, 2004
Suse warns of hole in Linux kernel
Linux hole could allow attackers to shut down systems running 2.6-based software
Recommend ThisLinux distributor Suse has warned of one of the most serious security holes to date in Version 2.6 of the Linux kernel, which could allow attackers to shut down a system running 2.6-based software.
The 2.6 kernel, completed at the end of last year, brings a number of enterprise-friendly features to Linux, but is still in the early stages of rolling out in commercial products. While a number of Linux vendors have released software for technical enthusiasts running the new kernel, Suse, which is owned by Novell Inc., is one of the few offering an enterprise product based on 2.6.
Red Hat Inc., for example, has backported many of the more important 2.6 features to the 2.4 kernel for use in Red Hat Enterprise Linux (RHEL), arguing that the older kernel is more stable. MandrakeSoft SA has introduced 2.6 into enthusiast, but not enterprise offerings. Suse claimed to be the first to introduce 2.6 into a retail Linux operating system in the spring of this year with Suse Linux 9.1.
The problem lies in the way the kernel handles iptables firewall logging, and only affects systems with iptables-based firewalls, such as SUSEfirewall2, Suse said. An attacker could use a malformed packet to shut down the system, according to Suse's advisory, which ranked the bug nine out of 10 in severity.
As an alternative to updating the kernel, users can disable firewall logging of IP and TCP options, but this isn't recommended. Suse said. Products running the older 2.4 kernel -- including the enterprise server products from Red Hat and MandrakeSoft -- aren't affected.
The bug affects Suse Linux 9.1 and Suse Linux Enterprise Server (SLES) 9; Suse Linux 9.2 isn't affected because the version of the kernel it uses, 2.6.8, already contains a fix.
At the same time, Suse patched a less serious flaw that could have allowed a user to gain root privileges; this bug only affects SLES 9 on the S/390 platform.
In an advisory, Danish security firm Secunia gave the denial-of-service flaw only a moderately critical rating, because it does not allow attackers to compromise a system. This is only the second bug in 2.6 that has merited such a rating; the first was a denial-of-service bug publicized in July.
White Paper
D2D Virtual Tape Library Replication Primer
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
White Paper
An Alternative to Virtualization for Datacenter Cost Savings
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
White Paper
Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
White Paper
Bringing the Edge to the Data Center
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
- How Zscaler Tackles Emerging Web Threats with High Speed, Real-Time Content Inspection in the Cloud | White Paper
- Upgrading to VMware vSphere with vWire | White Paper
- Removing Barriers To Better Server Virtualization Efficiency | White Paper
- Windows Phones and Unified Communications | White Paper
- Lower the Cost and Complexity of a Mobile Workforce through Automation | Webcast
Sign up to receive Platforms Resource Alerts
Make IT work as one. Register for Novell BrainShare 2010. Complimentary Energy Efficiency Kit - Cut Energy Costs NowSuper Multi NAS devices from LG
See how AT&T can help protect your network. Make IT Work As One at novell.comHP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.HP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.Increase UPS efficiency without sacrificing protectionIn less than 45 minutes, Palisade Systems protects your data
Return on Information: Google Enterprise Search pays you back. Get the facts.Analytics: Use your data to drive insights that enable better decisions.Restrict internet access with GFI WebMonitor™. Now 30% Off! www.gfi.com/web-filterToday’s IT means business. New eBook shows you how to align your IT investments.A new level of interoperability. Make IT Work As One at novell.comLimited-time offer: Save up to $100 on Polycom phones. 64-page prescriptive guide to security, compliance, and IT operations.Learn about Foundations of Green IT, from CTO Marty Poniatowski802.11n Drives an Architectural EvolutionSee IBM CloudBurst's self-service user interface in action
