23 November 2006, 13:29

Month of Kernel Bugs - the interim results

The Month of Kernel Bugs has so far produced a list of 22 operating system bugs. Linux leads in the statistics, however the bugs found are mostly susceptible only to denial of service attacks by local users.

Most of the Linux bugs discovered by security researchers have been in the processing of defective file system structures. Such problems also affect Free BSD, Mac OS X and Solaris - they generally crash when mounting or reading prepared file systems. The MoKB project has so far collected a total of 14 bugs relating to handling defective file systems.

Linux has problems with manipulated NTFS, minix, gfs2, ext2, ext3, ISO9660 and squashfs file systems. With activated SELinux hooks, any file system can crash the system. On top of this Linux has problems with defective zlib compression streams, such as are used by cramfs. FreeBSD had two problems with the UFS file system, Solaris just the one. Mac OS X has problems with unknown file types when calling the system function fpathconf() and with corrupt UDIF and UDTO-HFS+ file systems.

A further hot area is bugs in WLAN drivers which could be exploited by attackers to infiltrate and execute arbitrary code with system privileges. To date there have six such reports - Apple's Airport driver for Orinoco based cards, Broadcom's BCMWL5.SYS driver for Windows, an older DWL-G132 driver from D-Link plus drivers for Netgear's WG111v2, MA521 and WG311v1 all tear open security holes in operating systems.

Operating system	Number of MoKB bugs
Linux	9
Windows	6
Apple	4
FreeBSD	2
Solaris	1

The ratio of bugs which allow infiltration of code to denial of service vulnerabilities is currently precisely 1 to 1, with eleven reports in each category. However, it is still possible for another operating system to take the lead in the list - there are still 8 bug reports to come in the MoKB.