WARN: Major kernel vuln: affects 2.6.x + 2.4.x + 2.2.x
There's a lot of 2.2.25 still in use too, it was popular in the floppy firewall distributions because 2.4 was too big.
I don't know of any "release status" distribution using 2.6.0; for use in the production environment there is a lot of work needed by third-party driver writers, especially the binary ones like nvidia and most internal modems.
2.6.1 rc-2 is up on kernel.org and fixes the latest security problem, as well as a ton of other small bugs since the 2.6.0 release. I recommend updating if you are concerned with security and are running a 2.6 kernel series kernel.
Original Poster
Quote:
Originally posted by jtshaw ... the most important thing for enterprise linux was for the 2.4 kernel to get fixed.
Agreed. The 2.4 kernel is definitely the most critical for enterprises, but as another poster points out 2.2.x is still in use, and it never looks good when you release what is touted as an "enterprise-friendly" kernel and then appear to be apathetic towards security concerns with said kernel. It's more the appearances than the actual harm (probably only a few professional sites are using the 2.6.x kernels at this point).
My point was supposed to be that I'll bet IBM and Novell (et al) wish Linus had said things a little differently, but I got side-tracked and ended up posting something slightly different than I intended.
Could someone help to explain if this is easily exploited? For example, if a machine is behind a firewall and only allows port 80 would apache accept the exploit and execute it? Or am I way off track with my thinking? Thanks
Original Poster
zuessh:
The exploit must be locally exploited, so it has to be a user of the system, or in some way able to get a program to execute code of their choice.
Good remark in the previous message. If you've read some posts in the thread, it would seem that almost every Linux would be under attack pretty soon.
But, indeed, it's a local exploit, so, it's a serious vulnerability, but does that mean that every webserver having a 2.6 kernel is going down pretty soon because there won't be a 2.6.1 out in a few hours? No it doesn't! :-)
So, don't panic, just look at it, see for yourself how 'vulnerable' you might be, and then start screaming :-)
Anyway, if security updates are available, get your systems patched but don't overreact...
Let's not get overly worried about this thing, there have been security issues in the past so this is not something new
besides, like already mentioned, it is not likely this will get super-exploited and take down the linux community
When I first read Linus Torvalds' comments in this post, I actually sympathised with him; think of what would go through his mind and it is not like he is soothed to hear that a major flaw has been detected, especially since he had to find out on a news site after several others had already begun screaming
Many (perhaps most) people here will have kernels with the exploit, yes, but will it lead to the end of anything, absolutely not
Think, if Linus Torvalds did not keep his wits together and make a fairly calm comment under great pressure, he would have lost it! So I ask that we not criticize his remarks.
The patch is already available for those who still worry. Distro companies will have their own special patches for special redhat and suse kernels and such. This is not to say to take the situation lightly, because no one is, and Linus did not (the patch was made as soon as he heard of the problem) and the same goes for the developers of the 2.4 kernel
The same idea of keeping calm is to ensure that other major exploitable problems are placed into the 2.6.1 kernel because the team is being ushered into releasing something prior to the necessary testing phase and such.
The purpose, reiterated, of my post is not to state or mention that the vulnerability is a problem, however this is in defense of Linus Torvalds, his team, and his recent comments. I hope everyone will understand this and take this into consideration.
*edit: the amount of effort to avoid mentioning Windows in this post took more out of me than I thought... I leave for bed now
Last edited by TheOneAndOnlySM; 01-07-2004 at 05:31 PM.
It seems to be indeed so. This was just posted to bugtraq & co:
Hi,
our initial posting contains a mistake about the vulnerability of the
2.2 kernel series. Since the 2.2 kernel series doesn't support the
MREMAP_FIXED flag it is NOT vulnerable. The source states "MREMAP_FIXED
option added 5-Dec-1999" but it didn't make it into recent 2.2.x. We
apologize for inconvenience.
jts: Have you *used* 2.6 much? Try it, you'll like it! And, you'll realize why so many people are jumping on it so fast - it's already, IMO, as stable as 2.4.x, and it's unquestionably faster (even on a single-proc desktop). I don't think 2.4 will go down as one of Linux' finer efforts - 2.6.x may well! Especially given the stable point it appears to be starting from.
Mod: Arch has a 2.6 kernel-based install ISO as an option (non-supported, but stable by all reports). It *isn't* their supported, base distro.
I click the closest kernel patch and it starts a download to a Mac?? Add an option to verify the start of download, dudes! My Linux box is offline while I look into this so my Mac shouldn't really even start this download.
I looked into it and I found that the mysterious motive for *hacing* Linux boxes is to obtain a hack launch platform to conceal the haxor's real IP/box etc. Gees ok, I kinda expected my doz box > Linux transition was going to enhance hac *cough* security, obviously no! But doesn't this actual motive isolate a bit whether or not kernel stability is really the central issue here?