Re: local root exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Feb 11, 2008 8:19 AM, Scott McClanahan <scott.mcclanahan@xxxxxxxxxxxx> wrote:
>
> On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
> > Valent Turkovic wrote:
> > > I saw that there is a local root exploit in the wild.
> > > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
> > >
> > > And I see my centos box still has:  2.6.18-53.1.4.el5
> > >
> > > yum says there are no updates... am I safe?
> > >
> > > Valent.

> > The current kernel is 53.1.6.el5
> >
> > If yum isn't seeing it - it probably needs to clean its cached headers.
> >
> > try:
> >
> > yum clean headers
> > yum update kernel
> >
> > However - the 53.1.6.el5 release also is vulnerable, so you may as well
> > wait for the exploit to be fixed before updating. I'm guessing CentOS
> > will do it fairly quickly after rhel does.
> >
>
> I understand that a known root exploit must be patched but I'm curious
> to know if we upgrade to the fixed kernel once released will it also
> include the degraded nfs performance discussed here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=431092

We have to wait and see, but my impression is that the nfs fix would
not be in the updated kernel (I hope I am wrong).  They are talking
about getting it into 5.2 (even possibly into 5.3).  I can see that
this is a problem.  Now, we can not "stay with 53.1.4"  on the systems
where the local root exploit is a serious problem.

Akemi

Akemi
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux