Linux Exploit

Started by muert0, June 15, 2004, 01:50 AM

muert0

http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html

For any of you out there you may wanna patch. The exploit crashes 2.4 and 2.6 kernels. And it doesn't require root to run.
Too lazy for Slackware.

Mephisto


Thing

Mephisto, your insight truly is mind-numbing.

This vulnerability should be considered Mild at best. This is not self replicating. The major vendors have already released patches. It is unlikely that a home user allows shell or ftp accounts on their machines. This vuln does not give elevated privileges. Users on unpatched boxes would need to have brain damage to crash the box that they have an account on. Such activity is easily traceable and the offending user would have his pee-pee smacked.

Now, back to my mid-morning nap.
That sucking sound you hear is my bandwidth.

iago

Quote from: Thing on June 15, 2004, 06:41 AM
Users on unpatched boxes would need to have brain damage to crash the box that they have an account on.

hmm, I think I'm going to crash my own computer. Huk!
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


mynameistmp

This is a kernel vulnerability that traverses stable version releases. Perhaps it is not necessary for home users to run shell servers or ftp servers on their linux machines but who doesn't run at least one of the two? On the other side of this mild leaf, there is industry. If this is a bug that only strikes on a commercial level, it's not a serious problem. I trust you'll pick up on that last one.

Providing services on a professional level, upgrading the kernel on every system is a huge pain in the ass. You'll have to license or design a distribution method, and reboot every machine. Any kernel bug in a linux kernel stable release is considered very serious. Providing stable services while rebooting per/kernelrelease doesn't work.

There is however one saving grace for some of us that have to deal with this. It has been noted that grsecurity's PAX implementation doesn't prevent this problem. However, you can use grsec's ACL system as a form of prevention. So, if you have grsecurity (2.4.* , or 2.6.*) patches compiled with your kernel you save yourself a reboot/kernel install for now.
"This idea is so odd, it is hard to know where to begin in challenging it." - Martin Barker, British scholar

Mephisto

Quote from: Thing on June 15, 2004, 06:41 AM
Mephisto, your insight truly is mind-numbing.

It was a joke out of boredom. *shrug*
People should at least be able to detect sarcasm to an extent...

Tuberload

Quote from: Mephisto on June 15, 2004, 03:50 PM
Quote from: Thing on June 15, 2004, 06:41 AM
Mephisto, your insight truly is mind-numbing.

It was a joke out of boredom. *shrug*
People should at least be able to detect sarcasm to an extent...

And others should humble themselves a little bit... *shrug*
Quote: "Pray not for lighter burdens, but for stronger backs." -- Teddy Roosevelt
"Your forefathers have given you freedom, so good luck, see you around, hope you make it" -- Unknown

hismajesty

Quote from: Mephisto on June 15, 2004, 03:50 PM
Quote from: Thing on June 15, 2004, 06:41 AM
Mephisto, your insight truly is mind-numbing.

It was a joke out of boredom. *shrug*
People should at least be able to detect sarcasm to an extent...

Well you being the M$ zealot that you are it wasn't too clear.

Thing

Mephisto, allow me to enlighten you.
http://dictionary.reference.com/search?q=sarcasm
1. A cutting, often ironic remark intended to wound.
2. A form of wit that is marked by the use of sarcastic language and is intended to make its victim the butt of contempt or ridicule.

There was nothing witty or ironic in your statement "Down with Linux!" Quite the contrary, you sound like a religious or political zealot chanting a redundant phrase such as "Down with grapes!". Therefore, I took it as the bland remark that it was. My riposte "Mephisto, your insight truly is mind-numbing." was quite witty and fits the definition of sarcasm quite well. Please PM me with your mailing address so that I can send you a bill for your education.

-------------------------------------------------------

mynameistmp, have you considered scheduling updates via a cron job? SuSE makes it possible to update via http, ftp, smb, nfs, cd or dvd using online_update.
That sucking sound you hear is my bandwidth.

Mephisto

I guess I had a different idea of what the expression "Down with Linux!" was. But nonetheless it was joking around. Anyways, you don't have to be so technical about it or such a bitch. ;) Jesus, what are people in this world coming to...

iago

Quote from: Mephisto on June 15, 2004, 10:08 PM
I guess I had a different idea of what the expression "Down with Linux!" was. But nonetheless it was joking around. Anyways, you don't have to be so technical about it or such a bitch. ;) Jesus, what are people in this world coming to...

Coming to? I've known Thing since you were like 8, and he's always been a bitch. That's why we love him so much! :)
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*