LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-16-2006, 05:53 PM   #1
Anilraut
LQ Newbie
 
Registered: Sep 2006
Posts: 2

Rep: Reputation: 0
Thumbs down Root exploit on 2.6.10. Kernel


Hello,

I want to know some details about how root eploit is caused on LILO kernel versions 2.6.10 for Linux servers.


Thanks,
 
Old 09-16-2006, 07:24 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 344Reputation: 344Reputation: 344Reputation: 344
There's some confusion. LILO is not a distribution, it is a bootloader. As a result, it does not have a kernel, but rather loads kernels into memory and passes control to them.

While it is certainly possible that the 2.6.10 kernel had some exploit(s), the current kernel is 2.6.17 based as of this writing. In addition, commercial servers tend to use major distributions, and those major distributions back-port security fixes. So while a kernel may be based on 2.6.10, it may in fact have all known security patches. This is done to maximize the stability of the kernel (and other software).
 
Old 09-21-2006, 02:01 PM   #3
Anilraut
LQ Newbie
 
Registered: Sep 2006
Posts: 2

Original Poster
Rep: Reputation: 0
Hello macemoneta,


Thanx for the quick and Helpful response. please could you tell me something more about which security patches should be provided with the kernel version 2.6.10. And which are the most stable kernel versions used recently with Grub boot loader.


Thanks in Advance
 
Old 09-21-2006, 02:59 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by Anilraut
please could you tell me something more about which security patches should be provided with the kernel version 2.6.10.
there's probably too many to list... if your distribution is providing this old kernel version, then they would also be expected to do the patching for you... it would be really weird if you had to manually patch such an old kernel on your own...

your best bet (in case your distribution isn't patching the kernel for you) is probably to upgrade to an up-to-date kernel IMHO... keep in mind that the latest stable version as of this post is 2.6.18, while the 2.6.16.y and 2.6.17.y trees are still being maintained...

Quote:
And which are the most stable kernel versions used recently with Grub boot loader.
they've all been used with the grub boot loader... you shouldn't have any problems at all if you pick the latest stable version, or a previous (but still adequately maintained) version...

Last edited by win32sux; 09-21-2006 at 03:01 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Kernel race condition exploit solution jlangelier Slackware 12 01-14-2005 10:15 AM
WARN: Remote Root Exploit in SuSE 9.1 Live CD Capt_Caveman Linux - Security 0 05-10-2004 09:39 PM
Linux kernel exploit in the wild chort Linux - Security 9 12-04-2003 11:18 PM
i need PATCH that protect against local root exploit for kernel 2.2.19 Slackware veenrak Linux - Security 2 10-09-2002 09:23 PM
WuFTPD strikes again - remote root exploit jeremy Linux - Security 0 11-29-2001 08:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration