Kernel security hole 2.4.22 and previous


trigggl

This is just to make sure everyone knows to upgrade their old kernels regardless of what distro you are using. As far as I know, Mandrake 9.2 is the only distro released with a secure kernel version of 2.4.22 or earlier. Users of all distros should check to make sure you get the patch for the hole first discovered in Debian. This is mentioned in update threads, but a Linux user of some other distro may not read those.


This is the same bug used to hack into the Debian site:

From Debian Security Advisory DSA-403-1:

Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.

On the good side, this might put some modesty back into Debian supporters! :thumbsup:

I'm at this very moment installing the SuSE 9.0 patches and updates after re-installing it (if you want to know why, let's just say that nVidia's nForce drivers and this current kernel don't like each other. My ReiserFS was corrupted beyond repair last night. Don't ask me what happened: I just couldn't boot past the detection of the SATA drive after trying to compile the drivers for the onboard Nvidia NIC.) >_<


Here's an article from Wired about the hole. It can only be exploited by local users having an account on the Linux machine in question. This reminds me of the ptrace hole (last Spring?). It's not that serious. Wired article


Here's an article from Wired about the hole. It can only be exploited by local users having an account on the Linux machine in question. This reminds me of the ptrace hole (last Spring?). It's not that serious. Wired article

So, it's a bit like the #90 Phone warning? You have to be on a special network for it to apply. It really doesn't affect home users, then. I doubt my daughter or wife will know how to exploit a security hole. I know I don't. The article did mention the issue of someone hacking into a user account, then using the hole to gain privileges. If someone knows how to use the hole, then most likely they will be able to hack into a user account. Users typically don't take passwords all that seriously.