Hello,

I want to know some details about how root eploit is caused on LILO kernel versions 2.6.10 for Linux servers.


Thanks,

There's some confusion. LILO is not a distribution, it is a bootloader. As a result, it does not have a kernel, but rather loads kernels into memory and passes control to them.

While it is certainly possible that the 2.6.10 kernel had some exploit(s), the current kernel is 2.6.17 based as of this writing. In addition, commercial servers tend to use major distributions, and those major distributions back-port security fixes. So while a kernel may be based on 2.6.10, it may in fact have all known security patches. This is done to maximize the stability of the kernel (and other software).

Hello macemoneta,


Thanx for the quick and Helpful response. please could you tell me something more about which security patches should be provided with the kernel version 2.6.10. And which are the most stable kernel versions used recently with Grub boot loader.


Thanks in Advance

there's probably too many to list... if your distribution is providing this old kernel version, then they would also be expected to do the patching for you... it would be really weird if you had to manually patch such an old kernel on your own...

your best bet (in case your distribution isn't patching the kernel for you) is probably to upgrade to an up-to-date kernel IMHO... keep in mind that the latest stable version as of this post is 2.6.18, while the 2.6.16.y and 2.6.17.y trees are still being maintained...

they've all been used with the grub boot loader... you shouldn't have any problems at all if you pick the latest stable version, or a previous (but still adequately maintained) version...