linux root vulnerability - Tilted Forum Project Discussion Community

juanvaldes · 01-05-2004, 03:24 PM

affected kernals: 2.2, 2.4, 2.6
write up: here
slashdot thread : link

Silvy · 01-05-2004, 03:36 PM

Thanks for the heads up!

juanvaldes · 01-05-2004, 11:27 PM

okay I KNOW there are alot more Linux folks around here so bump it goes...

oberon · 01-06-2004, 12:26 AM

I bet they're busy upgrading their Linux machines.

Silvy · 01-06-2004, 03:24 AM

I was sync my portage, but I just found out my gentoo box is unaffected

(only gentoo-sources vers 2.22-r2 kernels are unaffected)

Anyway, while we're on the subject of upgrading. My SuSe online update wants to download 2 files:
"a kernel optimized for athlon processors" at 129 MB !!
"kernel sources" 43 MB !!

Now the sources are significantly larger than official clean sources, but I assume that's because SuSe included some extra patches and stuff. But why on earth is the kernel itself (compiled I assume) 129 MB? Does anyone have any idea?

sailor · 01-06-2004, 07:16 AM

Yeah, thanks for the heads up. Im not going to patch right now, for several reasons--it only affects local users, I am going to completely rebuild my affected box soon, and I dont want to kill my uptime until I do bring it down to rebuild. Bad security, yes, but I dont care much on this box anyways.

yotta · 01-06-2004, 12:05 PM

God damnit!

I run 30 linux boxen....

SecretMethod70 · 01-06-2004, 12:43 PM

mmm...Gentoo.

/gloat

MexicanOnABike · 01-06-2004, 04:51 PM

i was gonna install linux on my other comp... now i'll wait.

kel · 01-06-2004, 05:42 PM

Uhm... This doesn't really affect servers since they don't run code provided by unsecure sources. Unless of course you have a bunch of programmers SSHing into it for some crazy reason.

IE if you have a bunch of servers you don't have to rush to patch since all the exectuable code is provided by you.
Only executable code can cause the overrun in root, The only way to break in would be to use another exploit first to gain control of an existing user mode process and then gain root. As long as all your user mode processes are secure your good to go.

If you don't trust your user mode processes....

01-05-2004, 03:24 PM	#1 (permalink)
juanvaldes Banned Location: shittown, CA	linux root vulnerability affected kernals: 2.2, 2.4, 2.6 write up: here slashdot thread : link

01-05-2004, 03:36 PM	#2 (permalink)
Silvy paranoid Location: The Netherlands	Thanks for the heads up! __________________ "Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. " - Murphy MacManus (Boondock Saints)

01-06-2004, 12:26 AM	#4 (permalink)
oberon Quadrature Amplitude Modulator Location: Denver	I bet they're busy upgrading their Linux machines. __________________ "There are finer fish in the sea than have ever been caught." -- Irish proverb

01-06-2004, 03:24 AM	#5 (permalink)
Silvy paranoid Location: The Netherlands	I was sync my portage, but I just found out my gentoo box is unaffected (only gentoo-sources vers 2.22-r2 kernels are unaffected) Anyway, while we're on the subject of upgrading. My SuSe online update wants to download 2 files: "a kernel optimized for athlon processors" at 129 MB !! "kernel sources" 43 MB !! Now the sources are significantly larger than official clean sources, but I assume that's because SuSe included some extra patches and stuff. But why on earth is the kernel itself (compiled I assume) 129 MB? Does anyone have any idea? __________________ "Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. " - Murphy MacManus (Boondock Saints)

01-06-2004, 07:16 AM	#6 (permalink)
sailor beauty in the breakdown Location: Chapel Hill, NC	Yeah, thanks for the heads up. Im not going to patch right now, for several reasons--it only affects local users, I am going to completely rebuild my affected box soon, and I dont want to kill my uptime until I do bring it down to rebuild. Bad security, yes, but I dont care much on this box anyways. __________________ "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." --Plato

01-05-2004, 11:27 PM	#3 (permalink)
juanvaldes Banned Location: shittown, CA	okay I KNOW there are alot more Linux folks around here so bump it goes...

01-06-2004, 12:05 PM	#7 (permalink)
yotta Irresponsible	God damnit! I run 30 linux boxen.... __________________ I am Jack's signature.

01-06-2004, 12:43 PM	#8 (permalink)
SecretMethod70 Human Administrator Location: Chicago	mmm...Gentoo. /gloat __________________ Le temps détruit tout "Musicians are the carriers and communicators of spirit in the most immediate sense." - Kurt Elling

01-06-2004, 04:51 PM	#9 (permalink)
MexicanOnABike Location: up north	i was gonna install linux on my other comp... now i'll wait. __________________ - Movie Reviews - Ratings-

01-06-2004, 05:42 PM	#10 (permalink)
kel WARNING: FLAMMABLE Location: Ask Acetylene	Uhm... This doesn't really affect servers since they don't run code provided by unsecure sources. Unless of course you have a bunch of programmers SSHing into it for some crazy reason. IE if you have a bunch of servers you don't have to rush to patch since all the exectuable code is provided by you. Only executable code can cause the overrun in root, The only way to break in would be to use another exploit first to gain control of an existing user mode process and then gain root. As long as all your user mode processes are secure your good to go. If you don't trust your user mode processes.... __________________ "It better be funny" Last edited by kel; 01-06-2004 at 06:47 PM..