In association with heise online

12 November 2006, 22:54

Month of Kernel Bugs: Linux in the lead

So far, nine vulnerabilities in operating system kernels have been publicised as part of the Month of Kernel Bugs. Following on from July's Month of Browser Bugs, initiated by H.D. Moore, a similar project to highlight security vulnerabilities has been announced for November under the title "Month of Kernel Bugs" (MoKB). The project's initiators intend to release one security hole per day for the various operating system kernels. Up to now, fuzzing tools like "fsfuzzer" and "fs-bugs" have been used to turn up the errors.

Three of the publicised holes affect Linux kernel 2.6, two FreeBSD 6.1, two Mac OS X, one Solaris and one Windows. Proof of concept exploits have already been released for seven of the vulnerabilities, demonstrating the problems in the respective kernels. Five of the vulnerabilities can be used to inject and execute code, according to their discoverers' assessment. The remainder crash the system. The hole in Apple's Orinoco driver is the only one that can be exploited over the net or via WLAN.

No patches have been released for any of the vulnerabilities as yet. On the other hand, several of the errors seem unlikely to be triggered on standard systems. For example, two of the publicised errors in Linux are related to the "squashfs" file compression system, which is generally only used in embedded systems; another bug is found in zlib, which together with the file system "cramfs" can cause a system to crash.


