Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Originally posted by Basel I have downloaded the patch from kernel.org, specifically patch-2.6.3.bz2.
I am new to linux and do not know what to do to update the kernel. My distribution is JDS (based on SuSE 8.1 and Linux 2.4.19).
You might want to either try to find a precompiled binary kernel for your distro, so that you don't have to compile the kernel source or just find the source for a non-vulnerable kernel and compile that without having to patch it. If you have questions about compiling or installing a new kernel, feel free to post them in the Linux-Newbie or Linux-General Forums.
It's a local root exploit, so the vulnerability cannot be remotely exploited. But if used in conjunction with an exploit that allows local access, you are done for (or if you already have other users). The recent compromises at debian and gentoo (which used a remote exploit followed by priviledge escalation similar to this one) are good examples of why these types of local root exploits are still extremely dangerous. I would highly recommended upgrading you kernel immediately. Don't let your firewall lull you into the false perception that you are not vulnerable. It certainly minimzes your risk, but you should still upgrade immediately.
I really am too lazy to fix this right now, I guess I'll just wait until the next kernel comes out, then work with that. I just got my nvidia drivers working, I don't really feel like messing around with that right now.... Thanks for the heads-up though.