Remote Bug Found In Ubuntu Kerberos
Trailrunner7 writes "There's a remote vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10. The bug is in the Ubuntu implementation of the Kerberos authentication protocol. Ubuntu has released a slew of new packages to fix the flaw. The group said that in most cases, a normal system update will add the new fixes."
Dear MS trolls: (Score:3, Insightful)
Notice how this has already been patched before most of the world knew about it?
This is the difference in the GNU/Linux world and your world.
Love,
An ex-MS person that will never go back
Re:Responsible disclosure (Score:1, Insightful)
Sometimes I have the feeling that kernel level programmers only disclose bugs which they are able to use to discredit a competitive colleague. The remainder of the exploits they quietly continue to use.
Consider: who would know?
Re:Dear MS trolls: (Score:4, Insightful)
It was discovered in (actually, discovered much earlier but acknowledged in) October 2010, thus the difference between the two worlds is that folks who discover Linux bugs tend not to share them with anyone but the vendor, and the folks who discover Windows bugs tell everyone and their dog, before even notifying Microsoft. Interestingly, often the same folks in both cases.
Thus, there's nothing wrong with our world. There's something wrong with the mindset of the white-hats.
Re:Responsible disclosure (Score:4, Insightful)
Fortunately Linux doesn't have three zillion things running in the background that can't easily be restarted, unlike Windows.
Quite right, because Windows doesn't have a restart option like Linux. You have to manually type it as
net stop "service" && net start "service"
That is so much harder.
Re:Gosh, denial is a popular place (Score:5, Insightful)
Does your rant have any basis in reality?
I've not used Mac OSX for any significant length of time, but have been using Windows and Linux for years. Plenty of Windows software breaks on updates and/or becomes abandonware when the vendor goes out of business or stops making drivers for the older hardware on newer versions. One of the reasons I shifted my home PC to Linux was to escape all that nonsense of stuff you'd bought just suddenly stopping working on upgrade. Or degrading over time unless you do a complete re-install. I've always found Linux with its updates a breath of fresh air compared to the hassles of keeping Windows up and running. My hardware and peripherals keep working through many OS updates, user-facing software is updated frequently. I assure you that Linux users would definitely be upset if user-facing programs suddenly stopped working on update, so that seems a bizarre distinction to make.
And billions of dollars of software does run on Linux, I know we've got millions of dollars worth of software running on Linux just where I'm working. And there is that choice between running the latest and greatest, or stable but behind the curve with strong support from vendors.
Microsoft tends to tie its wagons together, despite having separate server and consumer versions.