Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 01-05-2004, 03:24 PM   #1 (permalink)
Banned
 
Location: shittown, CA
linux root vulnerability

affected kernals: 2.2, 2.4, 2.6
write up: here
slashdot thread : link
juanvaldes is offline  
Old 01-05-2004, 03:36 PM   #2 (permalink)
paranoid
 
Silvy's Avatar
 
Location: The Netherlands
Thanks for the heads up!
__________________
"Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. "
- Murphy MacManus (Boondock Saints)
Silvy is offline  
Old 01-05-2004, 11:27 PM   #3 (permalink)
Banned
 
Location: shittown, CA
okay I KNOW there are alot more Linux folks around here so bump it goes...
juanvaldes is offline  
Old 01-06-2004, 12:26 AM   #4 (permalink)
Quadrature Amplitude Modulator
 
oberon's Avatar
 
Location: Denver
I bet they're busy upgrading their Linux machines.
__________________
"There are finer fish in the sea than have ever been caught." -- Irish proverb
oberon is offline  
Old 01-06-2004, 03:24 AM   #5 (permalink)
paranoid
 
Silvy's Avatar
 
Location: The Netherlands
I was sync my portage, but I just found out my gentoo box is unaffected
(only gentoo-sources vers 2.22-r2 kernels are unaffected)

Anyway, while we're on the subject of upgrading. My SuSe online update wants to download 2 files:
"a kernel optimized for athlon processors" at 129 MB !!
"kernel sources" 43 MB !!

Now the sources are significantly larger than official clean sources, but I assume that's because SuSe included some extra patches and stuff. But why on earth is the kernel itself (compiled I assume) 129 MB? Does anyone have any idea?
__________________
"Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. "
- Murphy MacManus (Boondock Saints)
Silvy is offline  
Old 01-06-2004, 07:16 AM   #6 (permalink)
beauty in the breakdown
 
Location: Chapel Hill, NC
Yeah, thanks for the heads up. Im not going to patch right now, for several reasons--it only affects local users, I am going to completely rebuild my affected box soon, and I dont want to kill my uptime until I do bring it down to rebuild. Bad security, yes, but I dont care much on this box anyways.
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws."
--Plato
sailor is offline  
Old 01-06-2004, 12:05 PM   #7 (permalink)
Irresponsible
 
yotta's Avatar
 
God damnit!

I run 30 linux boxen....
__________________
I am Jack's signature.
yotta is offline  
Old 01-06-2004, 12:43 PM   #8 (permalink)
Human
 
SecretMethod70's Avatar
 
Administrator
Location: Chicago
mmm...Gentoo.

/gloat
__________________
Le temps détruit tout

"Musicians are the carriers and communicators of spirit in the most immediate sense." - Kurt Elling
SecretMethod70 is offline  
Old 01-06-2004, 04:51 PM   #9 (permalink)
 
MexicanOnABike's Avatar
 
Location: up north
i was gonna install linux on my other comp... now i'll wait.
__________________
MexicanOnABike is offline  
Old 01-06-2004, 05:42 PM   #10 (permalink)
kel
WARNING: FLAMMABLE
 
Location: Ask Acetylene
Uhm... This doesn't really affect servers since they don't run code provided by unsecure sources. Unless of course you have a bunch of programmers SSHing into it for some crazy reason.

IE if you have a bunch of servers you don't have to rush to patch since all the exectuable code is provided by you.
Only executable code can cause the overrun in root, The only way to break in would be to use another exploit first to gain control of an existing user mode process and then gain root. As long as all your user mode processes are secure your good to go.

If you don't trust your user mode processes....
__________________
"It better be funny"

Last edited by kel; 01-06-2004 at 06:47 PM..
kel is offline  
 

Tags
linux, root, vulnerability


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 02:53 PM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73