Re: [expert] Kernel and glibc updates?
This time Martin Fahrendorf <[EMAIL PROTECTED]> becomes daring and writes: > Am Samstag, 22. März 2003 01:38 schrieb Vox: >> This time Bryan Whitehead <[EMAIL PROTECTED]> >> >> becomes daring and writes: >> > Are we going to be getting kernel updates for the local root >> > problem? >> >> Vincent and the kernel dudes are working on this...some time next >> week you'll get them. Meanwhile you can do, as root: >> >> echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe >> > > So, what does this exactly do? It disallows auto-loading of modules...which is a step in the exploit of the kernel hole. Vox -- Think of the Linux community as a niche economy isolated by its beliefs. Kind of like the Amish, except that our religion requires us to use _higher_ technology than everyone else. -- Donald B. Marti Jr. pgp0.pgp Description: PGP signature
Re: [expert] Kernel and glibc updates?
Am Samstag, 22. März 2003 01:38 schrieb Vox: > This time Bryan Whitehead <[EMAIL PROTECTED]> > > becomes daring and writes: > > Are we going to be getting kernel updates for the local root > > problem? > > Vincent and the kernel dudes are working on this...some time next > week you'll get them. Meanwhile you can do, as root: > > echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe > So, what does this exactly do? > And you'll be protected. > > Vox Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Kernel and glibc updates?
On Fri, 2003-03-21 at 21:56, Jack Coates wrote: > On Fri, 2003-03-21 at 21:44, Vincent Danen wrote: > ... > > Let's see... I could have been really quick and put them out the day I built > > them without any testing... would that have been fast enough for you? > ... > > The beatings will continue until morale improves! ROFLMAO Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Kernel and glibc updates?
On Fri, 2003-03-21 at 17:02, Vox wrote: > This time Bryan Whitehead <[EMAIL PROTECTED]> > becomes daring and writes: > > > Vox wrote: > >> This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and > >> writes: > >> > >>>Are we going to be getting kernel updates for the local root > >>>problem? > >> Vincent and the kernel dudes are working on this...some time next > >> week you'll get them. Meanwhile you can do, as root: > >> echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe > >> And you'll be protected. > >> > >>>Or the new problem with glibc? > >> Uhm...haven't heard about this one yet. > > > > http://www.eeye.com/html/Research/Advisories/AD20030318.html > > > > :-D > > > > Basically an rpc problem... effects things like portmap and stuff. (I > > not 100% sure portmap is directly open but others seem to think so) > > Uhm...from what I read there it's a portmap/RPC problem...good thing > I don't run portmap anywhere :) > > > Combo remote exploit using portmap/rpc problem and kernel root is not > > good > > Agreed. > > > I keep up with this stuff, I have over 100 machines to keep > > secure... ;) > > I usually keep up with this stuff too...but since I don't use > portmap I didn't pay attention to it when it went through bugtraq > (if it did go through it). > > Vox Wasn't this a known hole in 2.9x and fixed in 3.1+ ? James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Kernel and glibc updates?
On Fri Mar 21, 2003 at 09:56:11PM -0800, Jack Coates wrote: > ... > > Let's see... I could have been really quick and put them out the day I built > > them without any testing... would that have been fast enough for you? > ... > > The beatings will continue until morale improves! Yes... I like beatings... =) -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Kernel and glibc updates?
On Fri, 2003-03-21 at 21:44, Vincent Danen wrote: ... > Let's see... I could have been really quick and put them out the day I built > them without any testing... would that have been fast enough for you? ... The beatings will continue until morale improves! -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Kernel and glibc updates?
On Fri Mar 21, 2003 at 03:35:36PM -0800, Bryan Whitehead wrote: > Are we going to be getting kernel updates for the local root problem? > > Or the new problem with glibc? > > It's been days now :P Let's see... I could have been really quick and put them out the day I built them without any testing... would that have been fast enough for you? See, this is what makes me laugh, and I don't mean to pick on you, Bryan. When we announced the product EOL policy, people were in an uproar because they felt they deserved longer support periods. Now we're apparently not releasing fast enough (the "it's been days now" comment). Make up your minds, folks. =) Either you want us to support stuff for a long time, or you want updates quickly. You can't have both. Remember, for glibc and the kernel, we're building for the following platforms: 7.2 SNF7.2 8.0 8.0/PPC 8.1 8.1/IA64 8.2 8.2/PPC MNF8.2 9.0 Corporate Server 2.1 9.1 9.1/PPC If you want things tested, it takes time. Heck, building glibc and the kernels for all of these platforms is a 2 day job just *compiling* this stuff. Of course, next week five of those will be gone, which will make the response time much quicker. The whole purpose of the EOL policy. In other words, by "robbing" you of "free" support for old (obsolete) versions, we're actually providing you better service. Don't you just love how that works out? Anyways, more to the point... next week at some point you will have both kernel and glibc updates. And as an aside, questions like this make me chuckle. I know you're eager, but you must realize no one is sleeping at the wheel here. Questions like this are more often than not likely to go unanswered... we are busy building and testing these updates and answering this stuff more verbosely than "soon" is time consuming. Be patient and rest assured that they will be available as quickly as realistically possible; they take a little longer because we'd like to be sure they're ok before you all install a bum kernel (now how much fun would that be?) -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] Kernel and glibc updates?
[snip] Uhm...from what I read there it's a portmap/RPC problem...good thing I don't run portmap anywhere :) It is a RPC library problem in glibc. This is just an example of the impact. named uses RPC stuff extensivly also... so if you run a DNS you might want to worry a bit. Combo remote exploit using portmap/rpc problem and kernel root is not good Agreed. I keep up with this stuff, I have over 100 machines to keep secure... ;) I usually keep up with this stuff too...but since I don't use portmap I didn't pay attention to it when it went through bugtraq (if it did go through it). I saw it thru CERT. -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Kernel and glibc updates?
This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and writes: > Vox wrote: >> This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and >> writes: >> >>>Are we going to be getting kernel updates for the local root >>>problem? >> Vincent and the kernel dudes are working on this...some time next >> week you'll get them. Meanwhile you can do, as root: >> echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe >> And you'll be protected. >> >>>Or the new problem with glibc? >> Uhm...haven't heard about this one yet. > > http://www.eeye.com/html/Research/Advisories/AD20030318.html > > :-D > > Basically an rpc problem... effects things like portmap and stuff. (I > not 100% sure portmap is directly open but others seem to think so) Uhm...from what I read there it's a portmap/RPC problem...good thing I don't run portmap anywhere :) > Combo remote exploit using portmap/rpc problem and kernel root is not > good Agreed. > I keep up with this stuff, I have over 100 machines to keep > secure... ;) I usually keep up with this stuff too...but since I don't use portmap I didn't pay attention to it when it went through bugtraq (if it did go through it). Vox -- Think of the Linux community as a niche economy isolated by its beliefs. Kind of like the Amish, except that our religion requires us to use _higher_ technology than everyone else. -- Donald B. Marti Jr. pgp0.pgp Description: PGP signature
Re: [expert] Kernel and glibc updates?
Vox wrote: This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and writes: Are we going to be getting kernel updates for the local root problem? Vincent and the kernel dudes are working on this...some time next week you'll get them. Meanwhile you can do, as root: echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe And you'll be protected. Or the new problem with glibc? Uhm...haven't heard about this one yet. here is a better link: http://www.kb.cert.org/vuls/id/516825 Redhat is confirmed Vulnerable. https://rhn.redhat.com/errata/RHSA-2003-089.html -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Kernel and glibc updates?
Vox wrote: This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and writes: Are we going to be getting kernel updates for the local root problem? Vincent and the kernel dudes are working on this...some time next week you'll get them. Meanwhile you can do, as root: echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe And you'll be protected. Or the new problem with glibc? Uhm...haven't heard about this one yet. http://www.eeye.com/html/Research/Advisories/AD20030318.html :-D Basically an rpc problem... effects things like portmap and stuff. (I not 100% sure portmap is directly open but others seem to think so) Combo remote exploit using portmap/rpc problem and kernel root is not good I keep up with this stuff, I have over 100 machines to keep secure... ;) -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Kernel and glibc updates?
This time Bryan Whitehead <[EMAIL PROTECTED]> becomes daring and writes: > Are we going to be getting kernel updates for the local root > problem? Vincent and the kernel dudes are working on this...some time next week you'll get them. Meanwhile you can do, as root: echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe And you'll be protected. > Or the new problem with glibc? Uhm...haven't heard about this one yet. > It's been days now :P Yes...and right on release week, which means Vincent and the rest of the mdk team are busy as hell or about to die...so...be patient :P Vox -- Think of the Linux community as a niche economy isolated by its beliefs. Kind of like the Amish, except that our religion requires us to use _higher_ technology than everyone else. -- Donald B. Marti Jr. pgp0.pgp Description: PGP signature
[expert] Kernel and glibc updates?
Are we going to be getting kernel updates for the local root problem? Or the new problem with glibc? It's been days now :P -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com