On Fri, 2003-03-21 at 17:02, Vox wrote: > This time Bryan Whitehead <[EMAIL PROTECTED]> > becomes daring and writes: > > > Vox wrote: > >> This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and > >> writes: > >> > >>>Are we going to be getting kernel updates for the local root > >>>problem? > >> Vincent and the kernel dudes are working on this...some time next > >> week you'll get them. Meanwhile you can do, as root: > >> echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe > >> And you'll be protected. > >> > >>>Or the new problem with glibc? > >> Uhm...haven't heard about this one yet. > > > > http://www.eeye.com/html/Research/Advisories/AD20030318.html > > > > :-D > > > > Basically an rpc problem... effects things like portmap and stuff. (I > > not 100% sure portmap is directly open but others seem to think so) > > Uhm...from what I read there it's a portmap/RPC problem...good thing > I don't run portmap anywhere :) > > > Combo remote exploit using portmap/rpc problem and kernel root is not > > good.... > > Agreed. > > > I keep up with this stuff, I have over 100 machines to keep > > secure... ;) > > I usually keep up with this stuff too...but since I don't use > portmap I didn't pay attention to it when it went through bugtraq > (if it did go through it). > > Vox
Wasn't this a known hole in 2.9x and fixed in 3.1+ ? James
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com