And you thought that Microsoft operating systems were bad on security... Well, they are. But all is not rosy in the Unix/Linux world either, as this News.com story shows. An entirely new class of exploit has been showing up over the last couple of months, and it's been termed the 'format string' vulnerability.
Similar to a buffer overflow exploit, the new type of vulnerability uses formatting commands to run malicious code. Apparently, some of the code has been vulnerable to these exploits for years, and the bugs are just now getting found and fixed. One such bug has been found in a core package that is relied upon for basic display services by "countless" programs.
That particular bug affects "all Linux and Unix operating systems except OpenBSD and FreeBSD" according to the president of a security company who was interviewed for the article. According to the article, Red Hat has already posted a fix for this bug; browsing the Red Hat site, I came upon this page, dated September 1, that appears to deal with the exploit in question. The article doesn't mention the status of bug fixes for any other Unix variant.
While it's good that this bug is quickly being stamped out, it looks to be a long road ahead; analysts seem to think there are quite a few more format string exploits lurking in the source code. Greeeeeat.
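The bug class described above, shown as an added example in C that is not taken from the article or from any package it mentions: untrusted text passed as a printf-family format string, beside the constant-format fix. The function names and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: untrusted text is passed AS the format string, so
 * printf-family functions interpret any '%' directive inside it.
 * Compilers flag this with -Wformat-security; silenced here on purpose. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int render_vulnerable(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* Fixed pattern: the format is a constant; untrusted text is only data. */
static int render_fixed(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Audit helper: count '%' directives in a string. "%%" is counted too,
 * since it only has meaning when the text is treated as a format. */
static int count_percent_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s == '%' && s[1] != '\0') {
            count++;
            s++;            /* skip the character that follows '%' */
        }
    }
    return count;
}

int main(void)
{
    /* Constructed input. "%%" is used because it consumes no arguments, so
     * the vulnerable call stays well-defined; directives such as %x or %n
     * would make it read or write memory the caller never supplied. */
    const char *input = "load 100%% ok";
    char a[64], b[64];

    render_vulnerable(a, sizeof a, input);
    render_fixed(b, sizeof b, input);
    printf("vulnerable: [%s]\nfixed:      [%s]\ndirectives: %d\n",
           a, b, count_percent_directives(input));
    return 0;
}
```

The vulnerable call rewrites the input while the fixed call reproduces it byte for byte; that difference is the whole bug, and building with `-Wformat-security` enabled catches the first form at compile time.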