User-Level Crash Exploit

(from Slashdot)

An exploit has been discovered which can completely freeze up a linux box. The code does not require root level access to run, just a shell and access to a compiler. The problem appears to be that if you trigger a floating point exception inside a signal handler (specifically SIGALRM), the kernel doesnt handle it correctly, hanging the system. Several kernels are immune to this, mostly from Gentoo, ie 2.4.26-rc3-gentoo: ” I have no idea why this kernel version is safe from this exploit. It just is.” Get the code and patches. This will require a recompile of your kernel to fix.

Back to Top