trigggl, Posted December 2, 2003

This is just to make sure everyone knows to upgrade their old kernels regardless of what distro you are using. As far as I know, Mandrake 9.2 is the only distro released with a secure kernel version of 2.4.22 or earlier. Users of all distros should check to make sure you get the patch for the hole first discovered in Debian.

This is mentioned in update threads, but a Linux user of some other distro may not read those.

teacher, Posted December 2, 2003

Good point. It pays to run updates no matter which distro you are using.

Bruno, Posted December 2, 2003

Thanks for the info Greg!

Bruno

linuxdude32, Posted December 2, 2003

This is the same bug used to hack into the Debian site:

From Debian Security Advisory DSA-403-1:

Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.

On the good side, this might put some modesty back into Debian supporters!

Peachy, Posted December 2, 2003

I'm at this very moment installing the SuSE 9.0 patches and updates after re-installing it (if you want to know why, let's just say that nVidia's nForce drivers and this current kernel don't like each other. My ReiserFS was corrupted beyond repair last night. Don't ask me what happened: I just couldn't boot past the detection of the SATA drive after trying to compile the drivers for the onboard Nvidia NIC.)

teacher, Posted December 2, 2003

Ouch! Glad you were able to reinstall without problem. Here's to a fast reinstall of the updates.

linuxdude32, Posted December 2, 2003

Here's an article from Wired about the hole. It can only be exploited by local users having an account on the Linux machine in question. This reminds me of the ptrace hole (last Spring?). It's not that serious.

Wired article

trigggl (Author), Posted December 3, 2003

> Here's an article from Wired about the hole. It can only be exploited by local users having an account on the Linux machine in question. This reminds me of the ptrace hole (last Spring?). It's not that serious.
>
> Wired article

So, it's a bit like the #90 Phone warning? You have to be on a special network for it to apply. It really doesn't affect home users, then. I doubt my daughter or wife will know how to exploit a security hole. I know I don't.

The article did mention the issue of someone hacking into a user account, then using the hole to gain privileges. If someone knows how to use the hole, then most likely they will be able to hack into a user account. Users typically don't take passwords all that seriously.