Really nasty Linux security bug

Eric Eisenhart eric at eisenhart.com
Sat Oct 20 09:05:38 PDT 2001


On Fri, Oct 19, 2001 at 11:55:59AM -0700, Troy Engel wrote:
> > There are two bugs present in Linux kernels 2.2.x, x<=19 and 2.4.y, y<=9.
> > The first vulnerability results in local DoS. The second one, involving
> > ptrace, can be used to gain root privileges locally (in case of default
> > install of most popular distributions). Linux 2.0.x is not vulnerable to the
> > ptrace bug mentioned.
> 
> As a supporting helpnote, the stupid RedHat Up2Date thingy is all whack today, and https://www.rhns.redhat.com is totally screwed.  You're best to use FTP to updates.redhat.com and download the bunches of Oct. 18 dated updates.
> 
> /me returns to updating tons of machines...

Or, as of about 1am this morning, you can grab those same files off of
mirror.nblug.org.  Lot of stuff is updated, too.  (I get an email report)

"up2date-nox --update" is easier to deal with slowness than the X
interface; working just fine for me right now.  Of course, I'm currently
being annoyed that security.debian.org is being really laggy...

If you've got debian, make sure you've got a line somewhat like this in
/etc/apt/sources.list:
deb http://security.debian.org potato/updates main contrib non-free

(depending on your version, of course)

Then just run "apt-get update;apt-get upgrade".
-- 
    Eric Eisenhart   Freedom is slavery.      http://eric.eisenhart.com/
 ^  ICQ#: 48217244   Ignorance is strength.   eric-dot-sig at eisenhart.com
/e\ Perl&SQL Coder   War is peace.            IRC Nicks: Falsch Freiheit
---                        -- George Orwell
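
A first-pass check of a kernel release string against the affected ranges quoted above, added here as an example and not part of the original message. The function name `classify_kernel` and its output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel release against the ranges in the quoted
# advisory (2.2.x with x<=19, 2.4.y with y<=9; 2.0.x is not vulnerable to
# the ptrace bug). Distribution kernels can carry backported fixes under an
# old version number, so treat the result as triage, not proof.

classify_kernel() {
    rel=$1
    # Drop vendor suffixes: "2.4.9-31smp" -> "2.4.9", "2.4.10-pre3" -> "2.4.10".
    base=$(printf '%s\n' "$rel" | sed 's/[^0-9.].*$//')
    case "$base" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "unparseable"; return 0 ;;
    esac
    major=$(printf '%s\n' "$base" | cut -d. -f1)
    minor=$(printf '%s\n' "$base" | cut -d. -f2)
    patch=$(printf '%s\n' "$base" | cut -d. -f3)

    case "$major.$minor" in
        2.2) limit=19 ;;
        2.4) limit=9 ;;
        2.0) echo "ptrace-not-affected"; return 0 ;;  # DoS status not stated
        *)   echo "not-listed"; return 0 ;;           # series not in the advisory
    esac

    if [ "$patch" -le "$limit" ]; then
        echo "affected"       # local DoS and ptrace root, per the advisory
    else
        echo "above-range"    # newer than the last release listed as affected
    fi
}

# Classify the release given as $1, or the running kernel if none is given.
target=${1:-$(uname -r)}
printf '%s: %s\n' "$target" "$(classify_kernel "$target")"
```
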