# Re: Remote buffer overflow bug in kernel

Antonio Olivares writes:


Dear all,


There has been a bug in the kernel with a buffer overflow in kernel,
\begin{quote}
A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
\end{quote}


More at http://blogs.zdnet.com/security/?p=2121
Q:  Will we see an updated kernel soon that addresses this issue?


Is it a real bug or just on Gentoo?
RTFA:

•Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs. If ndiswrapper is in use, a physically near-by attacker
could generate specially crafted wireless network traffic and crash the
system, leading to a denial of service.

If you're using ndiswrapper for a wireless card, you're boned.


Just consider it as yet another cost of bending over to accomodate non-free binary blob device drivers, instead of giving your business to Linux-friendly hardware manufacturers which actively support the free software community.
This is not a kernel bug, this is a bug in ndiswrapper, so there won't be
any kernel updates for Fedora. The fix will have to be in ndiswrapper, which
is not part of Fedora proper.

Attachment: pgpnIT3orecrB.pgp
Description: PGP signature

--
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]