Re: Kernel vulnerability

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: Kernel vulnerability
Hi Paul!


On 8/14/09, Paul Mooring <> wrote:
> Anybody seen this?
> http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html


Yes, we regularly review the kernel level Null deference pointers and
their potential for exploit.

This is an OLD basic level C stack issue that comes up in various ways
(glibc, ssh, etc.)

Linus did provide a patch, which requires a recompile for you custom
kernel types.

If you are running Suse, Redhat/Fedora, or debian/Ubuntu, you simply
follow their kernel patch protocol (usually only a reboot).

This is trivial with adequate safety steps (USB NAS, booting to say
LiveCD/USBkey Knoppix and dd existing sources prior to recompile). An
excellent understanding of kernel builds and resurrection in the case
of disaster is recommended.

Without a complete evaluation of your existing kernel and server
utilization, I can't give you a full risk assessment, but certainly
suggest that you maintain all of your systems with the most current
patch levels, should you have any interest in maintaining pwnership
and uptime.

> and more importantly is there someone more knowledgable than me that can
> tell me a way to check if my system are affected by this? (I'm using
> mostly all custom compiled kernels).
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



--
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss