Bug number one on the hit list is a remote DDoS (distributed denial-of-service) vulnerability that could potentially let an attacker crash your server by sending it an illegally fat IPv4 TCP/IP packet. Those of you who are network administrators may be going, "Wait, haven't I heard of this before?" Why, yes, yes you have.
It's the good old ping-of-death DDoS attack back again. What happened, according to the Linux kernel discussion list, was that somewhere between the Linux kernel 2.6.28.10 and 2.6.29 releases someone made a coding boo-boo and made it possible for this ancient attack to work again.
Fortunately--this is open source after all--the bug was quickly found and fixed before any bum got a chance to smash systems with a ping-of-death attack. If you're using any Linux kernel except 2.6.28.1x you're safe. Not sure what version you're running? The easy way to find out is to run the following command from a shell prompt:
uname -a
The link for this article located at IT World is no longer available.
