public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Linux Kernel Warning
From: Timothy A. Holmes @ 2006-07-14 21:01 UTC
  To: gentoo-user

Hi Folks:

I received the following warning from SANS yesterday, and I need to know
how to appropriately respond:

http://www.isc.sans.org/diary.php?storyid=1482

To summarize the story at the above link, there appears to be a
vulnerability in the Linux kernel, which when exploited, will allow a
user to gain root privileges.

Normally, I would simply upgrade to the latest kernel from portage, and
be done with it, however, here is the problem:

QUOTING SANS HERE:
"As all kernels 2.6.13 up to version 2.6.17.4 and 2.6.16 before
2.6.16.24 are affected, you should patch as soon as possible, even if
you don't allow any local users on your machines."

As of this morning, the latest Kernel version in portage is 2.6.16-r12.
It seems that there is a different versioning / naming scheme used but
I'm not sure.  Can someone please let me know how to respond, or point me
to appropriate reading so I can protect myself.

Thanks

TIM

Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 


-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Linux Kernel Warning
From: Richard Fish @ 2006-07-14 21:15 UTC
  To: gentoo-user

On 7/14/06, Timothy A. Holmes <tholmes@mcaschool.net> wrote:
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.

Using gentoo-sources?  Check /usr/portage/sys-kernel/gentoo-sources/ChangeLog:

*gentoo-sources-2.6.16-r12 (06 Jul 2006)

  06 Jul 2006; Daniel Drake <dsd@gentoo.org>
  +gentoo-sources-2.6.16-r12.ebuild:
  Update to Linux 2.6.16.24 for coredump privilege escalation security fix

-Richard

* Re: [gentoo-user] Linux Kernel Warning
From: Raymond Lewis Rebbeck @ 2006-07-14 21:22 UTC
  To: gentoo-user

On Saturday, 15 July 2006 6:31, Timothy A. Holmes wrote:
> Hi Folks:
>
> I received the following warning from SANS yesterday, and I need to know
> how to appropriately respond:
>
> http://www.isc.sans.org/diary.php?storyid=1482
>
> To summarize the story at the above link, there appears to be a
> vulnerability in the Linux kernel, which when exploited, will allow a
> user to gain root privileges.
>
> Normally, I would simply upgrade to the latest kernel from portage, and
> be done with it, however, here is the problem:
>
> QUOTING SANS HERE:
> "As all kernels 2.6.13 up to version 2.6.17.4 and 2.6.16 before
> 2.6.16.24 are affected, you should patch as soon as possible, even if
> you don't allow any local users on your machines."
>
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure.  Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.

gentoo-sources-2.6.16-r2 includes the 2.6.16.24 patchset. Have a look at the 
ebuild changelog:

http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/sys-kernel/gentoo-sources/ChangeLog

-- 
Raymond Lewis Rebbeck

* Re: [gentoo-user] Linux Kernel Warning
From: Donnie Berkholz @ 2006-07-14 21:24 UTC
  To: gentoo-user


Timothy A. Holmes wrote:
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure.  Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.

http://marc.theaimsgroup.com/?l=git-commits-head&m=115273802320119&w=2
is the actual commit, with a fair bit of detail about it. You could pull
the 1-line patch from there and apply it to your kernel. There's also
the workaround mentioned in the SANS message if you don't feel
comfortable with patching, as long as you don't need to use core dumps
as non-root.

For gentoo-sources, the most reliable way to figure out what's going on
is the ChangeLog.

Thanks,
Donnie



* Re: [gentoo-user] Linux Kernel Warning
From: Daniel Drake @ 2006-07-14 21:40 UTC
  To: gentoo-user

Timothy A. Holmes wrote:
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure.  Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.

2.6.16-r12 is protected from this bug. From the ChangeLog:

*gentoo-sources-2.6.16-r12 (06 Jul 2006)

   06 Jul 2006; Daniel Drake <dsd@gentoo.org>
   +gentoo-sources-2.6.16-r12.ebuild:
   Update to Linux 2.6.16.24 for coredump privilege escalation security fix

However, there is a new security bug in the wild, with similar 
implications. Keep an eye open for new kernel releases over the next few 
hours.

Daniel
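
Added example, not part of any message in this thread: a shell check that maps a gentoo-sources revision to its upstream kernel version through the ChangeLog and tests it against the range quoted from SANS. The function names are hypothetical, the sample input is the stanza quoted above, and it assumes the stanza carries an "Update to Linux X" line and that "up to version 2.6.17.4" is exclusive.

```shell
# Constructed sample input: the ChangeLog stanza quoted in this thread.
sample_changelog() {
cat <<'EOF'
*gentoo-sources-2.6.16-r12 (06 Jul 2006)
  06 Jul 2006; Daniel Drake <dsd@gentoo.org>
  +gentoo-sources-2.6.16-r12.ebuild:
  Update to Linux 2.6.16.24 for coredump privilege escalation security fix
EOF
}

# upstream_for REV: ChangeLog on stdin; print REV's "Update to Linux X" version.
upstream_for() {
  awk -v want="*gentoo-sources-$1" '
    /^\*/ { in_stanza = ($1 == want); next }
    in_stanza && match($0, /Update to Linux [0-9.]+/) {
      v = substr($0, RSTART + 16, RLENGTH - 16); sub(/\.$/, "", v); print v; exit
    }'
}

# ver_cmp A B: print -1, 0 or 1, comparing dotted versions numerically.
ver_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "[.]"); m = split(b, y, "[.]")
    for (i = 1; i <= (n > m ? n : m); i++)
      if (x[i] + 0 != y[i] + 0) { print (x[i] + 0 < y[i] + 0 ? -1 : 1); exit }
    print 0
  }'
}

# affected VER: succeed if VER is in the range quoted from SANS. Assumption:
# "up to version 2.6.17.4" is read as exclusive (2.6.17.4 counted as fixed).
affected() {
  [ "$(ver_cmp "$1" 2.6.13)" -ge 0 ] || return 1
  case $1 in
    2.6.16|2.6.16.*) fixed=2.6.16.24 ;;
    *)               fixed=2.6.17.4 ;;
  esac
  [ "$(ver_cmp "$1" "$fixed")" -lt 0 ]
}

# check_revision REV: ChangeLog on stdin, one-line verdict on stdout.
check_revision() {
  up=$(upstream_for "$1")
  [ -n "$up" ] || { echo "$1: no upstream version in ChangeLog"; return 2; }
  affected "$up" && s=affected || s=fixed
  echo "$1 -> Linux $up: $s"
}

sample_changelog | check_revision 2.6.16-r12
```

Against a real tree, feed it the file named earlier in the thread: `check_revision 2.6.16-r12 < /usr/portage/sys-kernel/gentoo-sources/ChangeLog`.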

* Re: [gentoo-user] Linux Kernel Warning
From: Ow Mun Heng @ 2006-07-14 21:44 UTC
  To: gentoo-user

On Fri, 2006-07-14 at 14:24 -0700, Donnie Berkholz wrote:
>  There's also
> the workaround mentioned in the SANS message if you don't feel
> comfortable with patching, as long as you don't need to use core dumps
> as non-root.

Besides that, there's also the fact that if you don't have local users,
then it's pretty safe. (Unless you get hacked for a 0-day or for not
doing glsa-checks)

My Take anyway.

(that and the workaround)
-- 
Ow Mun Heng <Ow.Mun.Heng@wdc.com>


* Re: [gentoo-user] Linux Kernel Warning
From: Daniel Drake @ 2006-07-14 22:59 UTC
  To: gentoo-user

Daniel Drake wrote:
> However, there is a new security bug in the wild, with similar 
> implications. Keep an eye open for new kernel releases over the next few 
> hours.

No patch yet, suitable workaround is:
# mount -o remount,noexec /proc

Daniel

* RE: [gentoo-user] Linux Kernel Warning
From: Timothy A. Holmes @ 2006-07-15 14:47 UTC
  To: gentoo-user


> -----Original Message-----
> From: Daniel Drake [mailto:dsd@gentoo.org]
> Sent: Friday, July 14, 2006 6:59 PM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] Linux Kernel Warning
> 
> Daniel Drake wrote:
> > However, there is a new security bug in the wild, with similar
> > implications. Keep an eye open for new kernel releases over the next few
> > hours.
> 
> No patch yet, suitable workaround is:
> # mount -o remount,noexec /proc
> 
> Daniel
> --
> gentoo-user@gentoo.org mailing list

[Timothy A. Holmes] 
Thanks folks:

Guess I learned something else new! --  I am finding out fast that
learning and using gentoo is mostly like trying to drink from a firehose
:)



Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...

