LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   should I be worried about the Second mremap critical bug? Mandrake 9.2 user (http://www.linuxquestions.org/questions/linux-security-4/should-i-be-worried-about-the-second-mremap-critical-bug-mandrake-9-2-user-148553/)

Fear58 02-20-2004 06:09 PM

should I be worried about the Second mremap critical bug? Mandrake 9.2 user
 
Is this virus, or whatever it is (sorry! New to linux :newbie: :rolleyes: ) going around rapidly, all and all, should I be that worried. I ask because I have no idea how to install the new kernel on my new Mandrake 9.2 machine. Thanks

peace 02-20-2004 06:27 PM

It is not a virus, it is a vulnerability in the kernel. This does not have an exploit coded for it yet, I haven't even (personally) seen a Proof of Concept.

Essentially, this problem can allow a local user to gain superuser (root) privledges. If you do not give access to untrusted users (SSH, telnet, etc) then this is not something you have to be worried about.

Mandrake will no doubt assist you in patching (or securing) this kernel, however the Mandrake distro handles this sort of thing.

Fear58 02-20-2004 06:50 PM

Thanks. All I needed to know.

cjcuk 02-21-2004 12:42 PM

Quote:

Originally posted by peace
This does not have an exploit coded for it yet, I haven't even (personally) seen a Proof of Concept.
Just to point out that: a) the advisory that announced the problem stated that they would be releasing exploit code one week after the release and b) that the bug only requires fairly trivial modifications of old PoC's for a PoC on the bug (exploitation is more difficult).


All times are GMT -5. The time now is 12:02 AM.