LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-20-2004, 06:09 PM   #1
Fear58
Member
 
Registered: Feb 2004
Location: Reno, Nevada
Distribution: Mandrake 9.2
Posts: 221

Rep: Reputation: 30
should I be worried about the Second mremap critical bug? Mandrake 9.2 user


Is this virus, or whatever it is (sorry! New to linux ) going around rapidly, all and all, should I be that worried. I ask because I have no idea how to install the new kernel on my new Mandrake 9.2 machine. Thanks
 
Old 02-20-2004, 06:27 PM   #2
peace
Member
 
Registered: Jul 2003
Location: Canada
Posts: 214

Rep: Reputation: 31
It is not a virus, it is a vulnerability in the kernel. This does not have an exploit coded for it yet, I haven't even (personally) seen a Proof of Concept.

Essentially, this problem can allow a local user to gain superuser (root) privledges. If you do not give access to untrusted users (SSH, telnet, etc) then this is not something you have to be worried about.

Mandrake will no doubt assist you in patching (or securing) this kernel, however the Mandrake distro handles this sort of thing.
 
Old 02-20-2004, 06:50 PM   #3
Fear58
Member
 
Registered: Feb 2004
Location: Reno, Nevada
Distribution: Mandrake 9.2
Posts: 221

Original Poster
Rep: Reputation: 30
Thanks. All I needed to know.
 
Old 02-21-2004, 12:42 PM   #4
cjcuk
Member
 
Registered: Dec 2003
Distribution: Openwall, ~LFS
Posts: 128

Rep: Reputation: 15
Quote:
Originally posted by peace
This does not have an exploit coded for it yet, I haven't even (personally) seen a Proof of Concept.
Just to point out that: a) the advisory that announced the problem stated that they would be releasing exploit code one week after the release and b) that the bug only requires fairly trivial modifications of old PoC's for a PoC on the bug (exploitation is more difficult).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
About to install Mandrake 10 and XP but worried because of problems I've read about. Jimmer Linux - Software 4 10-15-2004 11:57 AM
Help with Apache 2+ user cgi (is there a bug?) verbal Linux - Software 1 05-10-2004 04:56 PM
When will the mremap() kernel bug get patched? KingofBLASH Slackware 4 03-08-2004 05:53 PM
Yet another mremap critical flaw? chort Linux - Security 5 03-08-2004 01:31 PM
Second mremap critical bug zuessh Linux - Security 19 02-24-2004 06:24 PM


All times are GMT -5. The time now is 08:12 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration