Dangerous Linux Denial of Service Vulnerability Disclosed as 0-Day


Greyhat hackers from Goatse Security have published the details of a dangerous denial of service (DoS) vulnerability affecting many Linux distributions.

The flaw can be exploited by tricking users into opening an overly-long, specially-crafted apt:// URL in a browser that supports the protocol.

"This bug is delightfully trivial to deploy. Just write a normal HTML page containing an iframe that takes a 10000 character apt:// URL as its source," the hackers write.

Because the Advanced Packaging Tool (APT) is a common Linux software manager application, a large number of distributions are affected. These include the popular Debian, Ubuntu, Fedora, Red Hat Enterprise Linux and SUSE Linux Enterprise Desktop, but also Alinex, BLAG Linux and GNU, CentOS, ClearOS, DeMuDi, Feather Linux, Foresight Linux, gnuLinEx, gNewSense, Kaella, Knoppix, Linspire, Linux Mint, Musix, GNU/Linux, Parsix, Scientific Linux and Ututo.

Successful exploitation of the vulnerability crashes the X session with an "Unexpected X error: BadAlloc (insufficient resources for operation) serial 1779 error_code 11 request_code 53 minor_code 0)" error.

Story: http://news.softpedia.com/news/Dangerous-Linux-Denial-of-Service-Vulnerability-Disclosed-as-0-Day-200668.shtml
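
On the defensive side, a URL handler can refuse an oversized or malformed apt: URL before any parsing or display code touches it. The sketch below is an added example, not code from the article, from Goatse Security or from any APT component; the names `parse_apt_url` and `RejectedAptUrl`, the 256-character limit and the accepted URL forms (`apt:name` or `apt://name`, with comma-separated names) are assumptions made for illustration.

```python
import re

# Assumed limit for this example; the value does not come from the article.
MAX_URL_LEN = 256
# Debian policy package-name syntax: lowercase alphanumerics plus "+", "-", ".",
# at least two characters, starting with an alphanumeric. The 128-character
# upper bound is an assumption of this example.
PKG_NAME = re.compile(r"[a-z0-9][a-z0-9+.\-]{1,127}")


class RejectedAptUrl(ValueError):
    """Raised when a URL must not be forwarded to the package handler."""


def parse_apt_url(url):
    """Return the list of package names in an apt: URL, or raise RejectedAptUrl.

    The length check runs first, so an oversized string is dropped before any
    further parsing or UI code (dialogs, window titles) ever sees it.
    """
    if len(url) > MAX_URL_LEN:
        raise RejectedAptUrl(
            "URL is %d characters, limit is %d" % (len(url), MAX_URL_LEN)
        )
    scheme, sep, rest = url.partition(":")
    if not sep or scheme.lower() != "apt":
        raise RejectedAptUrl("not an apt: URL")
    # Accept both apt:pkg and apt://pkg (assumed forms for this example).
    if rest.startswith("//"):
        rest = rest[2:]
    names = rest.rstrip("/").split(",")
    for name in names:
        # Anything outside the package-name alphabet is refused, which also
        # rejects empty names, query strings and embedded whitespace.
        if not PKG_NAME.fullmatch(name):
            raise RejectedAptUrl("invalid package name: %r" % name[:32])
    return names


if __name__ == "__main__":
    # Constructed sample inputs, including one of the length the article quotes.
    for sample in ("apt://vlc", "apt:gimp,inkscape", "apt://" + "a" * 10000):
        try:
            print(parse_apt_url(sample))
        except RejectedAptUrl as exc:
            print("rejected:", exc)
```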