http://www.randomhacks.net/articles/tag/Security?tag=Security en-us 40 Technology and Other Fun Stuff <p>Via <a href="http://lwn.net/Articles/330866/">LWN</a>.</p> <p>If you&#8217;re a Linux system administrator, you shouldn&#8217;t put your faith in security advisories. The <a href="http://kernelbof.blogspot.com/2009/04/kernel-memory-corruptions-are-not-just.html">kernelbof</a> blog accuses Linux distributors of being too quick to label security bugs as &#8220;denial of service&#8221; attacks:</p> <blockquote> I&#8217;m wondering why kernel developers (or vendors?) continue to claim that kernel memory corruption are just Denial of Service. Most of the times they _are_ exploitable. </blockquote> <p>As an example, the author quotes <a href="http://www.ubuntu.com/usn/usn-751-1">Ubuntu Security Notice 751</a>:</p> <blockquote>The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, <strong>leading to a denial of service.</strong></blockquote> <p>(Emphasis added.)</p> <p>The author claims, however, to have created an exploit for this bug. He says his exploit allows a remote attacker to gain root access, often on the first attempt. If this is true, it would give him a quick way to gain control over any Linux system which has a process listening to an SCTP socket.</p> <p>Ubuntu&#8217;s security team is not doing system administrators any favors by labeling memory corruption as &#8220;denial of service&#8221; attacks. If you can corrupt memory, there are some terrifyingly clever ways to run code. And marking memory as non-executable won&#8217;t necessarily protect you.</p> <p>If you administer a Linux system, you should probably aim to patch alleged &#8220;denial of service&#8221; bugs as quickly as you can.</p> Thu, 30 Apr 2009 12:57:00 +0000 urn:uuid:c25e2eee-9864-43d8-8b0b-6b0c0a4af6b1 Eric Kidd http://www.randomhacks.net/articles/2009/04/30/remote-root-holes-reported-as-denial-of-service Linux Security http://www.randomhacks.net/articles/trackback/609 <p><a href='http://news.com.com/2100-1001-945480.html'>A new security problem</a> has been discovered in PHP 4.2.x. This is not the <a href='http://news.com.com/2100-1001-847092.html'>first</a> major hole in PHP, and it probably won't be the last.</p> <p>Even if your PHP runtime is secure, it's <a href='http://old.lwn.net/2001/0704/a/study-in-scarlet.php3'>really hard</a> to write secure PHP scripts. There's so many things that can go wrong--malicious users setting "internal" global variables, <a href='http://www.phpadvisory.com/advisories/view.phtml?ID=7'>SQL injection</a> attacks, ".inc" files containing passwords, and a whole host of other all-to-common bugs.</p> <p>Just say no.</p> Mon, 22 Jul 2002 00:00:00 +0000 urn:uuid:08169500-de0a-445f-9d5d-4e24aa591107 Eric http://www.randomhacks.net/articles/2002/07/22/yet-another-php-hole Security http://www.randomhacks.net/articles/trackback/14