Times online -Snip-
Bill Thompson, computing expert, explains how a basic programming mistake has led to Microsoft's announcement of a "critical" security flaw in its widely-used Windows operating system.
What is the "critical" problem?
Microsoft programmers made a mistake in the part of the operating system code that allows programs to talk to each other.
This would allow a hacker to send incorrect information to a program and cause it to crash - leaving that computer open to the outside world.
When a system crashes it doesn't stop working, it runs a different program instead - which the hacker can specify and could allow them to take control of the computer.
---------------------------------------------------------------------
Red Hat announces exploit in Enterprise Linux product
Geek.com -Snip-
Red Hat has announced a security vulnerability in its recently-released Red Hat Enterprise Linux 3 product. The exploit allows any user with a local account on the affected machine to elevate his or her privileges to root level ... but apparently only on machines running the AMD64 architecture. The bug resides directly in the kernel and is not a fault of the hardware.
This is the first update for Red Hat's Enterprise product, and Red Hat has taken this opportunity to toss in several bug fixes and enhancements to other areas of the operating system at the same time.
You can view the full details on Red Hat's Errata page. Fixes can be downloaded from the same site, and Red Hat strongly advises all users of any flavor of Red Hat Enterprise Linux to install this fix immediately. Mitre.org also has a write-up on the technical details of the exploit.
ERIC'S OPINION
As far as I can tell this problem doesn't stem from a buffer overflow, so I can't take my usual tack of tearing into sloppy programming. It's a bug that slipped by QA, and it happens from time to time with any complex piece of code.
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
