LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 02-22-2004, 09:52 PM   #16
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57

Quote:
Originally posted by Basel
I have downloaded the patch from kernel.org, specifically patch-2.6.3.bz2.
I am new to linux and do not know what to do to update the kernel. My distribution is JDS (based on SuSE 8.1 and Linux 2.4.19).
Here's a couple of HOWTO's on kernel patching:

http://linux.about.com/library/bl/op...blnewbiea7.htm
http://linuxheadquarters.com/howto/t...nelpatch.shtml

You might want to either try to find a precompiled binary kernel for your distro, so that you don't have to compile the kernel source or just find the source for a non-vulnerable kernel and compile that without having to patch it. If you have questions about compiling or installing a new kernel, feel free to post them in the Linux-Newbie or Linux-General Forums.
 
Old 02-23-2004, 05:51 PM   #17
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
Quote:
Originally posted by Capt_Caveman
While it's not that pressing right now, you could be in for a real world of hurt when the next remote exploit comes out.
If you're behind a decent firewall and only use your computer as a regular desktop, these security flaws aren't too important, are they?
 
Old 02-23-2004, 10:26 PM   #18
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
It's a local root exploit, so the vulnerability cannot be remotely exploited. But if used in conjunction with an exploit that allows local access, you are done for (or if you already have other users). The recent compromises at debian and gentoo (which used a remote exploit followed by priviledge escalation similar to this one) are good examples of why these types of local root exploits are still extremely dangerous. I would highly recommended upgrading you kernel immediately. Don't let your firewall lull you into the false perception that you are not vulnerable. It certainly minimzes your risk, but you should still upgrade immediately.
 
Old 02-24-2004, 12:15 PM   #19
BGuy891653
LQ Newbie
 
Registered: Feb 2004
Distribution: Fedora Core 3
Posts: 13

Rep: Reputation: 0
hey leeach I love the quote. that is so true.

2.6.3 and later are uneffected by this bug correct. I'm new so I don't really understand what's going on yet. I'm learing more and more everyday.
 
Old 02-24-2004, 07:24 PM   #20
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
I really am too lazy to fix this right now, I guess I'll just wait until the next kernel comes out, then work with that. I just got my nvidia drivers working, I don't really feel like messing around with that right now.... Thanks for the heads-up though.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Free86 bug or nVidia bug?? ProtoformX Linux - Software 2 05-12-2004 03:38 AM
When will the mremap() kernel bug get patched? KingofBLASH Slackware 4 03-08-2004 06:53 PM
Yet another mremap critical flaw? chort Linux - Security 5 03-08-2004 02:31 PM
should I be worried about the Second mremap critical bug? Mandrake 9.2 user Fear58 Linux - Security 3 02-21-2004 01:42 PM
Help! Critical slovin Linux - General 7 05-07-2002 05:23 AM


All times are GMT -5. The time now is 06:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration