Hi Paul! On 8/14/09, Paul Mooring wrote: > Anybody seen this? > http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html Yes, we regularly review the kernel level Null deference pointers and their potential for exploit. This is an OLD basic level C stack issue that comes up in various ways (glibc, ssh, etc.) Linus did provide a patch, which requires a recompile for you custom kernel types. If you are running Suse, Redhat/Fedora, or debian/Ubuntu, you simply follow their kernel patch protocol (usually only a reboot). This is trivial with adequate safety steps (USB NAS, booting to say LiveCD/USBkey Knoppix and dd existing sources prior to recompile). An excellent understanding of kernel builds and resurrection in the case of disaster is recommended. Without a complete evaluation of your existing kernel and server utilization, I can't give you a full risk assessment, but certainly suggest that you maintain all of your systems with the most current patch levels, should you have any interest in maintaining pwnership and uptime. > and more importantly is there someone more knowledgable than me that can > tell me a way to check if my system are affected by this? (I'm using > mostly all custom compiled kernels). > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- http://linuxgazette.net/165/kachold.html (623)239-3392 (503)754-4452 www.obnosis.com --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss