Hole in Linux kernel

By Derek Sooman on
Leading Linux distributor Suse has uncovered a security hole in the linux 2.6 kernel. It is claimed that this vulnerability can be used to shut down a system running 2.6-based software remotely. Bad news, indeed.

The 2.6 kernel was introduced last year, and represents a lot of what is state of the art about Linux. It is loaded with new features, but in terms of development life, its pretty immature. There remains quite a lot of work to be done, and many companies such as Red Hat view the more established 2.4 kernel as more viable for production work, and have back ported many 2.6 bits and bobs for 2.4

This new found problem in 2.6 is to do with the way the kernel handles iptables firewall logging. It only affects systems which use iptables-based firewalls. This includes SUSEfirewall2, which is why the company was so keen to highlight the problems. Apparently, an attacker could use a malformed packet to shut down the system. The potential exploit is rated as being pretty serious.

No word as yet on a new release of 2.6 which will fix the problem, but I can only assume that one is coming - the penguin heads won't tolerate this for long!

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.