
Linux Kernel NULL Pointer Vulnerability - ErrantX
http://www.securityfocus.com/bid/36038
======
ErrantX
patch is here:
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6...](http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98)

This has been giving us headaches from clients all day so I figured it made
sense to post it (as no one else appears to have done so) - seeing as it
affects pretty much everything since the 2.4 kernel.

Might be a good moment to update those kernels, people :)

(elreg blurb: <http://www.theregister.co.uk/2009/08/14/critical_linux_bug/>)

------
tptacek
These are really beautiful exploits. Other people have written them up better
than I can, so I won't bother, but it's worth tracking down the writeups;
you'll be a slightly smarter person after reading them, and they'll make you
smile.

~~~
kirubakaran
<http://isc.sans.org/diary.html?storyid=6820>

~~~
arohner
This was a more useful article than the actual post

~~~
ErrantX
Agreed, thanks kirubakaran!

It has a really simple but effective explanation of the NULL dereferencing
problem.

------
ajross
Isn't this like the last bug? Limited to being an exploit on systems where the
default security policy is (was) to allow writable mappings at page zero? If
so, shouldn't the SELinux treatment for those be effective here too?

~~~
kragen
It looks like "the SELinux treatment for those" is to disable SELinux?

------
jacquesm
Note that this is a _local_ exploit, not a remote exploit. I guess that means
panic but not too much.

Nice ad for Trustix!

------
FooBarWidget
Sigh, again? I don't follow vulnerabilities that well but isn't this the third
NULL pointer vulnerability this year?

I run a Debian server but strangely there are no kernel updates.

------
yread
Haha, and I was thinking the other day, reading MS tech bulletins, that MS always
has such a long list of affected software! Look at this: 473 different
versions.

~~~
jacquesm
The length of the list is a function of two variables, the first the length
the bug has been in production, the second the number of versions you have
released into the wild.

What you're seeing here is a fairly rare occurrence in the Linux world, a bug
that has been in the code for a long, long time. Frequent releases are pretty
common in open source projects.

------
known
It seems this vulnerability exists to accommodate WINE.

------
c00p3r
<http://www.milw0rm.com/exploits/9435>

