General discussion
Thread display: Collapse - |
All Comments
Start or search
Create a new discussion
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Linux Kernel Exploit 12-5-03!!!!!
For those of you out there who are using the 2.4.x kernels up to 2.4.22, and you do not know about this, read on.
A while ago, debian was broken into. It was later found that the exploit that was used was in every 2.4 kernel version.
The linux community has been relatively silent about this, especially the folks at kernel.org.
Even the major distros have silently released patches and discussions about this that usually exist on such highly regarded newsgroups such as bugtraq and slashdot, have been almost non-existant.
I'm not going to get into the techincal details of the exploit, but just to say you need either the kernel patch or the latest kernel 2.4.23.
Several distros have made available back ported kernels with the patch level included.
To see what your distro has done, a good place to look is: linuxsecurity.org
To get the white paper on the exploit go to:
http://isec.pl/papers/linux_kernel_do_brk.pdf
<soap box>
If your not on bugtraq then shame on you.
If you don't update your kernel and you get owned because of it, don't start crying about it.
Shame on the linux community for their silence. It is extremely shameful to think that we can dish it out but we can't take it.
</soapbox>
LordInfidel