132 Comments
- agaiziunas, on 11/23/2008, -18/+88It's not a bug, it's an undocumented feature.
- virtualonliner, on 11/23/2008, -9/+52"Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow".
So Vista's UAC is there to protect us. Right guys?
- mphree, on 11/23/2008, -7/+41For what a lot of you are saying like "A Flaw?! In Vista?! No wai!"...
If you actually pay attention to the Microsoft Security bulletins, you will notice a massive change since XP. I very rarely get messages about actual vulnerabilities anymore. I usually just get a monthly summary that says nothing. Vista is miles more secure than XP could ever hope to be.
- dechah, on 11/23/2008, -6/+39According to the article, you need administration privileges to run the exploit. You can easily exploit other OSs if you are foolish enough to run them as root etc, Vista is no different in this regard.
- DamnMan, on 11/23/2008, -2/+35Yep it does. The same way root privileges in Linux/OSX do. For all practical purposes in this instance "UAC" is just windows speak for "Sudo".
The Malformed DHCP packet that MAY be able to exploit this is largely irrelevant to Internet users. Routers will not route DHCP packets. Someone would have to be on the same subnet as you. Which isn't a problem from an Internet based attack standpoint.
So basically this is no worse than any number of *local* exploits found on OSX on any given day. But it says "Windows" so surely the sky is falling.
- Sokkratez, on 11/23/2008, -1/+26No, they mean Service Pack 2. A beta is out right now.
- dechah, on 11/23/2008, -3/+26If you are silly enough to do that, then you deserve to get malware. And if you have users stupid enough to do that, ensure they are on a standard user account. An idiot can bork any OS if he/she has admin privileges. Here is an example relating to OS X: http://www.intego.com/news/ism0806.asp
- CodeCafe, on 11/23/2008, -4/+23Buried for being irrelevant and obvious trollbait. If you read the article, this is not a remote exploit; it can only be done if executing a program under special (non-default) conditions.
- m4csrgh3yk3v, on 11/23/2008, -1/+20"To execute either the sample program or the route-add command, the user has to be member of the Network Configuration Operators group or the Administrators group."
- inactive, on 11/23/2008, -3/+21That's not the fault of Vista. That is a mistake you have made yourself and hopefully will learn from? You could easily mess up a Linux install or OSX if you don't watch what you are doing. Using OSes is a lot about using one's own common sense!
- kontact, on 11/23/2008, -0/+16DEP should prevent this, there's no mention of it in the article though
http://en.wikipedia.org/wiki/Data_Execution_Preven ...
- Akairenn, on 11/23/2008, -1/+17Give me ten minutes and I'll have you a perl script to run on your 'OMGLAWLSECURE' Linux box that'll provide me with total wtfpwnage over your system. (And being perl, it'll be convoluted enough to ensure it'd take you a few years to decipher while looking for badness.)
So what were you saying about dumbass users not being the responsibility of the operating system?
- zeblith, on 11/23/2008, -4/+20Of course! We all need a way to remotely shut down our system!
I wonder if we can get this same vulnerability for our ovens.
- ZippyV, on 11/23/2008, -0/+16Actually, Microsoft's own statistics show that 88% of all Vista users have UAC turned on. What is your source?
http://blogs.msdn.com/cjacks/archive/2008/02/22/wh ...
- acmecorps, on 11/23/2008, -0/+15Again.. "Admin privileges is not necessarily the same as root.".
While on root, you can damage the system beyond repair: 'rm -rf /'
Windows admins cannot do that.
- CCB0x45, on 11/23/2008, -14/+27Wow... so it took 10 years but the days of WinNuke and Click.exe are back, time to head back to IRC like the old school days!
- d0nkeym0nkey, on 11/23/2008, -3/+16Rain is wet, sugar is sweet...
- inactive, on 11/23/2008, -2/+14I wonder if a kernel vulnerability on OSX or Linux would be news....
- inactive, on 11/23/2008, -1/+13Yep it seems to have grown into an international sport to come up with new myths to bash vista? Lots of the problems have common sense solutions? but alas common sense on the internet is rare these days?
- inactive, on 11/23/2008, -1/+12And I like turtles
- toxicityj, on 11/23/2008, -0/+11If it took you five minutes to get that *****, then you're a ***** idiot that has no clue how to operate a computer. But odds are that you're just some osx or linux fanbrat that's lying to make Vista look bad.
- Sokkratez, on 11/23/2008, -0/+11I'm pretty sure that's your bad.
- Chris_F, on 11/23/2008, -7/+17too bad most people disabled UAC... Well, I hope they like rootkits!
- inactive, on 11/23/2008, -13/+23Please Please can we have enough of this Vista Sux already half the lemmings going on about this have never even used vista!
Is it perfect no. is OSX no is Linux Perfect No.
- ZippyV, on 11/23/2008, -1/+11Read the article:
Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow.
- inactive, on 11/23/2008, -0/+10you lie, and you're not even good at it
- seltaeb4, on 11/23/2008, -31/+41"No fix is expected until the next service pack."
You mean, "Windows 7"?
- robdazomba, on 11/23/2008, -9/+18Admin privileges is not necessarily the same as root.
- ibrahimcesar, on 11/23/2008, -10/+18Grass is green.
- computershack, on 11/23/2008, -0/+8Yeah cos they only took TWENTY FIVE YEARS to fix a Unix bug which continued on to Linux and Mac OS X.
- cquinnd, on 11/23/2008, -0/+7Hasn't Apple had problems with patch delays making the news recently?
- ZippyV, on 11/23/2008, -2/+9Read the article:
Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow.
- inactive, on 11/23/2008, -3/+10You use linux and you are posting on a MS subject. That is not ok. Just proves you are a troll and inevitably a douchebag. Is that ok for you?
- redbluebird, on 11/23/2008, -0/+6Burn In Hell, with your spam message !
- inactive, on 11/23/2008, -0/+6Have you tried SP1 had the same problem on an AMD64X2 and after SP1 no more Explorer crashes? AVG watchdog can also cause this?
- Chris_F, on 11/23/2008, -7/+13You call being able to inject code into kernel space on a remote machine "a small bug"? You are an idiot, and that's no matter of opinion, it's a fact.
- inactive, on 11/23/2008, -0/+6the real news is that you are an idiot
- ism70605, on 11/23/2008, -29/+35What a surprise! It is in Vista's crummy networking.
- inactive, on 11/23/2008, -0/+6ignorant
- ZippyV, on 11/23/2008, -0/+6Most likely a plugin that you installed is the cause of your crash.
- Zippo, on 11/23/2008, -0/+5Hey, IRC is still alive and well. Most other forms of group chat have keeled over and died, but IRC is still around.
- robdazomba, on 11/23/2008, -0/+5I brought this up and the pro-Bill Gates brigade buried me for it. Here's a second try. Maybe someone sensible and knowledgeable enough can explain before the fanboys rush in. (You platform-worshipping ***** are ruining Digg, btw.)
How can a buffer overflow be an issue when Vista is using ASLR/memory randomization to eliminate the problems caused by that? I've read many times about how the implementation of ASLR in Vista was supposed to make exploiting a buffer overflow next to impossible. This news appears to contradict it.
- EvilHomer, on 11/23/2008, -2/+7'del /s /f c:*'
- KingFog, on 11/23/2008, -0/+5Sigh... Why the hell do they go into so much detail about what is affected, and how to cause it, in public? If they've found a problem, why not just say "we've found a problem in Windows Vista", and leave it at that...
Now it is public knowledge roughly how to do it, which will mean it will be exploited...
- Culyt, on 11/23/2008, -2/+6Now. Here’s a fellow attempting to ride a bicycle. But he’s having some trouble, isn’t he? Would you like to know why? Because he’s a Scot! Now, who here likes a good story about a bridge?
- hugolp, on 11/23/2008, -15/+19I use linux and I find it interesting. Is that ok with you?
- ism70605, on 11/23/2008, -1/+5I love how people bury me. Wasn't XP essentially a service pack to 2000? And wasn't ME essentially a service pack to 98?
XP is 2000, 95 is 98, ME is 98, and Windows 7 is Vista. Of course each had minor differences, but that is what they were, minor.
- BotaXero, on 11/23/2008, -3/+7What, pray tell, is DCHP?
- BotaXero, on 11/23/2008, -1/+5Oh I know what DHCP is, but look at the article again. =)
- namelessNN, on 11/23/2008, -2/+5well at least you're doing your part to spread the word so more people can take advantage of it.