Linux hole found


SuSE screams in the dark

VENERATED SOFTWARE firm Novell is warning its SuSE users that there is a serious security hole in Version 2.6 of the Linux kernel, which could allow attackers to shut down systems. The 2.6 kernel was completed at the end of last year and has a number of “enterprise friendly” features. Unfortunately it also packs a flaw in the way it handles iptables firewall logging. This is a particular problem for SuSE users as a lot of them have iptables-based firewalls, such as SuSE Firewall II.

Basically, a cracker could hit a system with a malformed packet and shut it down. This is not a good thing and Novell has ranked the bug nine out of 10 in severity.

Products running the older 2.4 kernel, including enterprise server products from Red Hat and MandrakeSoft, aren’t affected. Novell folk say that SuSE Linux 9.2 isn’t affected because the version of the kernel it uses, 2.6.8, already contains a fix. But then 9.2 hasn’t actually hit the shops yet, so it is not surprising.

Novell has patched a less serious flaw in SuSE that could have allowed a user to gain root privileges, but this only affects SLES 9 on the S/390 platform.