Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
im not sure about this.. but i belive i read somewhere there are more than few security holes in RH6.1 i will be more sure after ill get it from actcom in a few days :) Moran Zavdi Warp Security Response Team. [EMAIL PROTECTED] -Original Message- From: James Olin Oden <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Cc: Moran <[EMAIL PROTECTED]>; ILUG <[EMAIL PROTECTED]> Date: éåí ùðé 13 ãöîáø 1999 18:29 Subject: Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?] >> >> some people do not want to upgrade their distribution because it will mean a >> lot of work >> updating their scripts. and to move from 2.0.x to 2.2.x you need to upgrade a >> lot ... >> >> it took me for instance, a lot of time to upgrade my server from 2.0.36 (rh5.2) >> to 2.2.x (rh6.1) >> >Also, sometimes the upgrades do some very stupid things. Like RH 5.x - 6.x >seem to all overwrite your smb.conf file. I know on my productions >servers whenever I do an upgrade I spend a half a day getting everything back to >normal. Also, there is the issue of security. I personnally waited >for 6.1 to come out because I knew within the first six months many errata >files would be produced for 6.0 to fix various holes that would be found...james > > >= >To unsubscribe, send mail to [EMAIL PROTECTED] with >the word "unsubscribe" in the message body, e.g., run the command >echo unsubscribe | mail [EMAIL PROTECTED] > ÿÿ To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
> > some people do not want to upgrade their distribution because it will mean a > lot of work > updating their scripts. and to move from 2.0.x to 2.2.x you need to upgrade a > lot ... > > it took me for instance, a lot of time to upgrade my server from 2.0.36 (rh5.2) > to 2.2.x (rh6.1) > Also, sometimes the upgrades do some very stupid things. Like RH 5.x - 6.x seem to all overwrite your smb.conf file. I know on my productions servers whenever I do an upgrade I spend a half a day getting everything back to normal. Also, there is the issue of security. I personnally waited for 6.1 to come out because I knew within the first six months many errata files would be produced for 6.0 to fix various holes that would be found...james = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
some people do not want to upgrade their distribution because it will mean a lot of work updating their scripts. and to move from 2.0.x to 2.2.x you need to upgrade a lot ... it took me for instance, a lot of time to upgrade my server from 2.0.36 (rh5.2) to 2.2.x (rh6.1) regards erez Moran wrote: > hi, > who use 2.0.X this days. > just upgrade to 2.2.13 kernel. > > Moran Zavdi. > > -Original Message- > From: Jonathan Ben-Avraham <[EMAIL PROTECTED]> > To: James Olin Oden <[EMAIL PROTECTED]> > Cc: Omer <[EMAIL PROTECTED]>; Hetz Ben Hamo <[EMAIL PROTECTED]>; > Linux-IL <[EMAIL PROTECTED]> > Date: &yod;&vav;&fmem; &resh;&alef;&shin;&vav;&fnun; 12 &dalet;&tsadi;&mem;&bet;&resh; 1999 21:24 > Subject: Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?] > > > > >The answer is download.xs4all.nl:/pub/mirror/redhat-updates > > > > - yba > > > >On Fri, 10 Dec 1999, James Olin Oden wrote: > > > >> > > >> > What are you talking about? > >> > > >> > RH contrib? Some other site where you can get kernels > >> > packaged as RPMs? > >> > > >> > We're talking about an enterprise environment here, > >> > OFFICIAL RH errata. Whether or not this is the right > >> > way to go, this is where people look. > >> > > >> > Why don't you head on over to > >> > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ > >> > (a respectable RH mirror site, no doubt) and check what kernel version > >> > they have in stock. The site is updated, there is nothing wrong with > >> > it. The official RH errata does indeed contain only kernel 2.0.36. > >> > > >> Actually, when it comes to older realeases such as RH 5.x, then do > >> not expect even ftp.cdrom.com to be upto date. Until about two months > >> ago, one of our servers was running the RH 5.2 distribution. A little > >> before we made the conversion to RH 6.1 yet another exploit was found in > >> the wu-ftpd daemon. At the time, it was really hard to get a connection > >> to updates.redhat.com. So I went looking around for a mirror that still > had > >> the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the > wu-ftdp > >> errata file they had, and installed it without checking its version (a > >> VERY dumb thing to do )-: ). Unfortunately, it happened to be something > >> older than the rpm I was already using. This really hosed things as you > >> might imagine. Eventually I got conencted to updates.redhat.com, and > >> downloaded the correct version with the fix for the exploit. > >> > >> The moral is that mirrors often times may have the a distro's early > realeases, > >> but they are probably only truely mirroring the current release. > >> > >> ..james > >> > >> > Hetz Ben Hamo wrote: > >> > > > >> > > Well, if YOU CHECK you will find that there are RPM's for kernel > 2.0.38 > >> > > for redhat 5.x - compiled and ready. > >> > > > >> > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. > >> > > > >> > > Hetz > >> > > > >> > > Omer wrote: > >> > > > > >> > > > Irrelevant. > >> > > > > >> > > > Most people will not upgrade the kernel on their own > >> > > > to the latest stable version, but rather would only > >> > > > upgrade using the official vendor errata. This is how > >> > > > it is for all of the big-time operating systems, and > >> > > > since Linux is poised to make it to the big time, you > >> > > > have to expect this practice to become a lot more common. > >> > > > > >> > > > To which: Say you're a RH user, using 5.x. > >> > > > > >> > > > You will be using RedHat's errata updated for 5.2. > >> > > > > >> > > > The latest kernel included is 2.0.36, not patched > >> > > > to fix this. > >> > > > > >> > > > Hetz Ben Hamo wrote: > >> > > > > > >> > > > > It fixed long time ago on kernel 2.0.38 > >> > > > > > >> > > > > Hetz > >> > > > > > >> > > > > Omer wrote: > >> > > > > >
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
That might be _an_ answer, but not _the_ answer. At least not to the question at hand. The sites you have all been mentioning are just mirrors, RH mirrors. It is irrelevant whether or not ftp.cdrom.com is updated, because the kernel in question (2.0.38) is NOT part of the official RH errata. Until it is, it will never ever make it into any of the mirrors. James: I'm surprised that you could upgrade the wuftpd package with an older version, rpm won't let you do that unless you (--)force it to. And like I said, checking the mirror itself is useless, you should first check the errata page, then go and find the specific file you're looking for (actually I usually use sunsite at dk or at uk, not walnut creek, they're mirrored daily and are fairly fast) The real issue is that this is a rather serious flaw in the linux kernel, which is yet to be patched. Might I remind you all that this was not yet fixed in 2.0.38 anyhow, so this is all pointless. Jonathan Ben-Avraham wrote: > > The answer is download.xs4all.nl:/pub/mirror/redhat-updates > > - yba > > On Fri, 10 Dec 1999, James Olin Oden wrote: > > > > > > > What are you talking about? > > > > > > RH contrib? Some other site where you can get kernels > > > packaged as RPMs? > > > > > > We're talking about an enterprise environment here, > > > OFFICIAL RH errata. Whether or not this is the right > > > way to go, this is where people look. > > > > > > Why don't you head on over to > > > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ > > > (a respectable RH mirror site, no doubt) and check what kernel version > > > they have in stock. The site is updated, there is nothing wrong with > > > it. The official RH errata does indeed contain only kernel 2.0.36. > > > > > Actually, when it comes to older realeases such as RH 5.x, then do > > not expect even ftp.cdrom.com to be upto date. Until about two months > > ago, one of our servers was running the RH 5.2 distribution. A little > > before we made the conversion to RH 6.1 yet another exploit was found in > > the wu-ftpd daemon. At the time, it was really hard to get a connection > > to updates.redhat.com. So I went looking around for a mirror that still had > > the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp > > errata file they had, and installed it without checking its version (a > > VERY dumb thing to do )-: ). Unfortunately, it happened to be something > > older than the rpm I was already using. This really hosed things as you > > might imagine. Eventually I got conencted to updates.redhat.com, and > > downloaded the correct version with the fix for the exploit. > > > > The moral is that mirrors often times may have the a distro's early realeases, > > but they are probably only truely mirroring the current release. > > > > ..james > > > > > Hetz Ben Hamo wrote: > > > > > > > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 > > > > for redhat 5.x - compiled and ready. > > > > > > > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. > > > > > > > > Hetz > > > > > > > > Omer wrote: > > > > > > > > > > Irrelevant. > > > > > > > > > > Most people will not upgrade the kernel on their own > > > > > to the latest stable version, but rather would only > > > > > upgrade using the official vendor errata. This is how > > > > > it is for all of the big-time operating systems, and > > > > > since Linux is poised to make it to the big time, you > > > > > have to expect this practice to become a lot more common. > > > > > > > > > > To which: Say you're a RH user, using 5.x. > > > > > > > > > > You will be using RedHat's errata updated for 5.2. > > > > > > > > > > The latest kernel included is 2.0.36, not patched > > > > > to fix this. > > > > > > > > > > Hetz Ben Hamo wrote: > > > > > > > > > > > > It fixed long time ago on kernel 2.0.38 > > > > > > > > > > > > Hetz > > > > > > > > > > > > Omer wrote: > > > > > > > > > > > > > > This was posted to BugTraq today, and it seemed > > > > > > > important enough to pass on (even though if you are > > > > > > > a sysadmin and do not regularly read BT, you might > > > > > > > deserve what you get). > > > > > > > > > > > > > > It's what I'd call a HUGE problem, not > > > > > > > merely a big problem (unless of course you have > > > > > > > no local users). In any case, I'd chmod u-s /bin/ping > > > > > > > immediatly, and be careful not to ping as root (if > > > > > > > you're not sure you're up to it, better make it > > > > > > > chmod 000 /bin/ping :) > > > > > > > > > > > > > > Message to BT follows... > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Eduardo Cruz wrote: > > > > > > > > > > > > > > Hello ppl. > > > > > > > > > > > > > > > > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > > > > > > playing with the command ping and trying combinations of commands >
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
Hi Moran, Moran wrote: > Date: Wed, 1 Jan 1997 08:01:24 +0200> > ... > who use 2.0.X this days. > just upgrade to 2.2.13 kernel. And who uses ancient dates these days? And even before Y2K hits us ;-) Just upgrade your date to Sun Dec 12 19:56:05 IST 1999... BTW: The same problem is known (for Solaris systems) for at least one year. -- Eli Marmor = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
hi, who use 2.0.X this days. just upgrade to 2.2.13 kernel. Moran Zavdi. -Original Message- From: Jonathan Ben-Avraham <[EMAIL PROTECTED]> To: James Olin Oden <[EMAIL PROTECTED]> Cc: Omer <[EMAIL PROTECTED]>; Hetz Ben Hamo <[EMAIL PROTECTED]>; Linux-IL <[EMAIL PROTECTED]> Date: éåí øàùåï 12 ãöîáø 1999 21:24 Subject: Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?] > >The answer is download.xs4all.nl:/pub/mirror/redhat-updates > > - yba > >On Fri, 10 Dec 1999, James Olin Oden wrote: > >> > >> > What are you talking about? >> > >> > RH contrib? Some other site where you can get kernels >> > packaged as RPMs? >> > >> > We're talking about an enterprise environment here, >> > OFFICIAL RH errata. Whether or not this is the right >> > way to go, this is where people look. >> > >> > Why don't you head on over to >> > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ >> > (a respectable RH mirror site, no doubt) and check what kernel version >> > they have in stock. The site is updated, there is nothing wrong with >> > it. The official RH errata does indeed contain only kernel 2.0.36. >> > >> Actually, when it comes to older realeases such as RH 5.x, then do >> not expect even ftp.cdrom.com to be upto date. Until about two months >> ago, one of our servers was running the RH 5.2 distribution. A little >> before we made the conversion to RH 6.1 yet another exploit was found in >> the wu-ftpd daemon. At the time, it was really hard to get a connection >> to updates.redhat.com. So I went looking around for a mirror that still had >> the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp >> errata file they had, and installed it without checking its version (a >> VERY dumb thing to do )-: ). Unfortunately, it happened to be something >> older than the rpm I was already using. This really hosed things as you >> might imagine. Eventually I got conencted to updates.redhat.com, and >> downloaded the correct version with the fix for the exploit. >> >> The moral is that mirrors often times may have the a distro's early realeases, >> but they are probably only truely mirroring the current release. >> >> ..james >> >> > Hetz Ben Hamo wrote: >> > > >> > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 >> > > for redhat 5.x - compiled and ready. >> > > >> > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. >> > > >> > > Hetz >> > > >> > > Omer wrote: >> > > > >> > > > Irrelevant. >> > > > >> > > > Most people will not upgrade the kernel on their own >> > > > to the latest stable version, but rather would only >> > > > upgrade using the official vendor errata. This is how >> > > > it is for all of the big-time operating systems, and >> > > > since Linux is poised to make it to the big time, you >> > > > have to expect this practice to become a lot more common. >> > > > >> > > > To which: Say you're a RH user, using 5.x. >> > > > >> > > > You will be using RedHat's errata updated for 5.2. >> > > > >> > > > The latest kernel included is 2.0.36, not patched >> > > > to fix this. >> > > > >> > > > Hetz Ben Hamo wrote: >> > > > > >> > > > > It fixed long time ago on kernel 2.0.38 >> > > > > >> > > > > Hetz >> > > > > >> > > > > Omer wrote: >> > > > > > >> > > > > > This was posted to BugTraq today, and it seemed >> > > > > > important enough to pass on (even though if you are >> > > > > > a sysadmin and do not regularly read BT, you might >> > > > > > deserve what you get). >> > > > > > >> > > > > > It's what I'd call a HUGE problem, not >> > > > > > merely a big problem (unless of course you have >> > > > > > no local users). In any case, I'd chmod u-s /bin/ping >> > > > > > immediatly, and be careful not to ping as root (if >> > > > > > you're not sure you're up to it, better make it >> > > > > > chmod 000 /bin/ping :) >> > > > > > >> >
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
The answer is download.xs4all.nl:/pub/mirror/redhat-updates - yba On Fri, 10 Dec 1999, James Olin Oden wrote: > > > > What are you talking about? > > > > RH contrib? Some other site where you can get kernels > > packaged as RPMs? > > > > We're talking about an enterprise environment here, > > OFFICIAL RH errata. Whether or not this is the right > > way to go, this is where people look. > > > > Why don't you head on over to > > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ > > (a respectable RH mirror site, no doubt) and check what kernel version > > they have in stock. The site is updated, there is nothing wrong with > > it. The official RH errata does indeed contain only kernel 2.0.36. > > > Actually, when it comes to older realeases such as RH 5.x, then do > not expect even ftp.cdrom.com to be upto date. Until about two months > ago, one of our servers was running the RH 5.2 distribution. A little > before we made the conversion to RH 6.1 yet another exploit was found in > the wu-ftpd daemon. At the time, it was really hard to get a connection > to updates.redhat.com. So I went looking around for a mirror that still had > the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp > errata file they had, and installed it without checking its version (a > VERY dumb thing to do )-: ). Unfortunately, it happened to be something > older than the rpm I was already using. This really hosed things as you > might imagine. Eventually I got conencted to updates.redhat.com, and > downloaded the correct version with the fix for the exploit. > > The moral is that mirrors often times may have the a distro's early realeases, > but they are probably only truely mirroring the current release. > > ..james > > > Hetz Ben Hamo wrote: > > > > > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 > > > for redhat 5.x - compiled and ready. > > > > > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. > > > > > > Hetz > > > > > > Omer wrote: > > > > > > > > Irrelevant. > > > > > > > > Most people will not upgrade the kernel on their own > > > > to the latest stable version, but rather would only > > > > upgrade using the official vendor errata. This is how > > > > it is for all of the big-time operating systems, and > > > > since Linux is poised to make it to the big time, you > > > > have to expect this practice to become a lot more common. > > > > > > > > To which: Say you're a RH user, using 5.x. > > > > > > > > You will be using RedHat's errata updated for 5.2. > > > > > > > > The latest kernel included is 2.0.36, not patched > > > > to fix this. > > > > > > > > Hetz Ben Hamo wrote: > > > > > > > > > > It fixed long time ago on kernel 2.0.38 > > > > > > > > > > Hetz > > > > > > > > > > Omer wrote: > > > > > > > > > > > > This was posted to BugTraq today, and it seemed > > > > > > important enough to pass on (even though if you are > > > > > > a sysadmin and do not regularly read BT, you might > > > > > > deserve what you get). > > > > > > > > > > > > It's what I'd call a HUGE problem, not > > > > > > merely a big problem (unless of course you have > > > > > > no local users). In any case, I'd chmod u-s /bin/ping > > > > > > immediatly, and be careful not to ping as root (if > > > > > > you're not sure you're up to it, better make it > > > > > > chmod 000 /bin/ping :) > > > > > > > > > > > > Message to BT follows... > > > > > > > > > > > > > > > > > > > > > > > > > Eduardo Cruz wrote: > > > > > > > > > > > > Hello ppl. > > > > > > > > > > > > > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > > > > > playing with the command ping and trying combinations of commands > > > > > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > > > > > > route) the system starts to print on the screen kernel dumps > > > > > > , freezes complitely and after few secconds the system reboots. > > > > > > > > > > > > The major problem with this (if this is a bug, because i dont have time > > > > > > to install differents kernels and test it better) is that command can be > > > > > > run by everyone > > > > > > because you dont need root permissions to make a -R. > > > > > > > > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > > > > > > on a 2.2.x the system prints out "message too long". > > > > > > I think the problem is that there is a size-check missed when u reach the > > > > > > maximun packet size and u put the route information, but anyway > > > > > > i am not a guru on kernels. > > > > > > > > > > > > So, now is time for the kernel experts :) > > > > > > > > > > > > --- > > > > > > Eduardo Cruz - [EMAIL PROTECTED] > > > > > > Network Administrator > > > > > > Telecomm Solutions Group > > > > > >
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
> > What are you talking about? > > RH contrib? Some other site where you can get kernels > packaged as RPMs? > > We're talking about an enterprise environment here, > OFFICIAL RH errata. Whether or not this is the right > way to go, this is where people look. > > Why don't you head on over to > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ > (a respectable RH mirror site, no doubt) and check what kernel version > they have in stock. The site is updated, there is nothing wrong with > it. The official RH errata does indeed contain only kernel 2.0.36. > Actually, when it comes to older realeases such as RH 5.x, then do not expect even ftp.cdrom.com to be upto date. Until about two months ago, one of our servers was running the RH 5.2 distribution. A little before we made the conversion to RH 6.1 yet another exploit was found in the wu-ftpd daemon. At the time, it was really hard to get a connection to updates.redhat.com. So I went looking around for a mirror that still had the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp errata file they had, and installed it without checking its version (a VERY dumb thing to do )-: ). Unfortunately, it happened to be something older than the rpm I was already using. This really hosed things as you might imagine. Eventually I got conencted to updates.redhat.com, and downloaded the correct version with the fix for the exploit. The moral is that mirrors often times may have the a distro's early realeases, but they are probably only truely mirroring the current release. ..james > Hetz Ben Hamo wrote: > > > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 > > for redhat 5.x - compiled and ready. > > > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. > > > > Hetz > > > > Omer wrote: > > > > > > Irrelevant. > > > > > > Most people will not upgrade the kernel on their own > > > to the latest stable version, but rather would only > > > upgrade using the official vendor errata. This is how > > > it is for all of the big-time operating systems, and > > > since Linux is poised to make it to the big time, you > > > have to expect this practice to become a lot more common. > > > > > > To which: Say you're a RH user, using 5.x. > > > > > > You will be using RedHat's errata updated for 5.2. > > > > > > The latest kernel included is 2.0.36, not patched > > > to fix this. > > > > > > Hetz Ben Hamo wrote: > > > > > > > > It fixed long time ago on kernel 2.0.38 > > > > > > > > Hetz > > > > > > > > Omer wrote: > > > > > > > > > > This was posted to BugTraq today, and it seemed > > > > > important enough to pass on (even though if you are > > > > > a sysadmin and do not regularly read BT, you might > > > > > deserve what you get). > > > > > > > > > > It's what I'd call a HUGE problem, not > > > > > merely a big problem (unless of course you have > > > > > no local users). In any case, I'd chmod u-s /bin/ping > > > > > immediatly, and be careful not to ping as root (if > > > > > you're not sure you're up to it, better make it > > > > > chmod 000 /bin/ping :) > > > > > > > > > > Message to BT follows... > > > > > > > > > > > > > > > > > > > > > Eduardo Cruz wrote: > > > > > > > > > > Hello ppl. > > > > > > > > > > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > > > > playing with the command ping and trying combinations of commands > > > > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > > > > > route) the system starts to print on the screen kernel dumps > > > > > , freezes complitely and after few secconds the system reboots. > > > > > > > > > > The major problem with this (if this is a bug, because i dont have time > > > > > to install differents kernels and test it better) is that command can be > > > > > run by everyone > > > > > because you dont need root permissions to make a -R. > > > > > > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > > > > > on a 2.2.x the system prints out "message too long". > > > > > I think the problem is that there is a size-check missed when u reach the > > > > > maximun packet size and u put the route information, but anyway > > > > > i am not a guru on kernels. > > > > > > > > > > So, now is time for the kernel experts :) > > > > > > > > > > --- > > > > > Eduardo Cruz - [EMAIL PROTECTED] > > > > > Network Administrator > > > > > Telecomm Solutions Group > > > > > Tel: +350 74146 Fax: +350 41781 > > > > > --- > > > > > > > > > > -- > > > > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > > > > [ take a few minutes. If your body stop
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
I confirmed it on a 2.0.38 machine. No patch yet. Hetz Ben Hamo wrote: > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 > for redhat 5.x - compiled and ready. > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. > > Hetz > > Omer wrote: > > > > Irrelevant. > > > > Most people will not upgrade the kernel on their own > > to the latest stable version, but rather would only > > upgrade using the official vendor errata. This is how > > it is for all of the big-time operating systems, and > > since Linux is poised to make it to the big time, you > > have to expect this practice to become a lot more common. > > > > To which: Say you're a RH user, using 5.x. > > > > You will be using RedHat's errata updated for 5.2. > > > > The latest kernel included is 2.0.36, not patched > > to fix this. > > > > Hetz Ben Hamo wrote: > > > > > > It fixed long time ago on kernel 2.0.38 > > > > > > Hetz > > > > > > Omer wrote: > > > > > > > > This was posted to BugTraq today, and it seemed > > > > important enough to pass on (even though if you are > > > > a sysadmin and do not regularly read BT, you might > > > > deserve what you get). > > > > > > > > It's what I'd call a HUGE problem, not > > > > merely a big problem (unless of course you have > > > > no local users). In any case, I'd chmod u-s /bin/ping > > > > immediatly, and be careful not to ping as root (if > > > > you're not sure you're up to it, better make it > > > > chmod 000 /bin/ping :) > > > > > > > > Message to BT follows... > > > > > > > > > > > > > > > > > Eduardo Cruz wrote: > > > > > > > > Hello ppl. > > > > > > > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > > > playing with the command ping and trying combinations of commands > > > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > > > > route) the system starts to print on the screen kernel dumps > > > > , freezes complitely and after few secconds the system reboots. > > > > > > > > The major problem with this (if this is a bug, because i dont have time > > > > to install differents kernels and test it better) is that command can be > > > > run by everyone > > > > because you dont need root permissions to make a -R. > > > > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > > > > on a 2.2.x the system prints out "message too long". > > > > I think the problem is that there is a size-check missed when u reach the > > > > maximun packet size and u put the route information, but anyway > > > > i am not a guru on kernels. > > > > > > > > So, now is time for the kernel experts :) > > > > > > > > --- > > > > Eduardo Cruz - [EMAIL PROTECTED] > > > > Network Administrator > > > > Telecomm Solutions Group > > > > Tel: +350 74146 Fax: +350 41781 > > > > --- > > > > > > > > -- > > > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > > > [ take a few minutes. If your body stops responding for a long time and ] > > > > [ there is no brain activity please die. Setup will continue after you ] > > > > [are reborn.] > > > > \---/ > > > > - Quoting Buzh, asr > > > > > > > > = > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > > > the word "unsubscribe" in the message body, e.g., run the command > > > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > -- > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > [ take a few minutes. If your body stops responding for a long time and ] > > [ there is no brain activity please die. Setup will continue after you ] > > [are reborn.] > > \---/ > > - Quoting Buzh, asr > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] -- /--- Omer Efraim, [EMAIL PROTECTED] --\ [ Microsoft Vaccine 2000 is configuring your immune system. This may ] [ take a few minutes. If your body stops responding for a long time and ] [ there is no brain activity please die. Setup will continue after you ] [are reborn.] \---
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
What are you talking about? RH contrib? Some other site where you can get kernels packaged as RPMs? We're talking about an enterprise environment here, OFFICIAL RH errata. Whether or not this is the right way to go, this is where people look. Why don't you head on over to ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ (a respectable RH mirror site, no doubt) and check what kernel version they have in stock. The site is updated, there is nothing wrong with it. The official RH errata does indeed contain only kernel 2.0.36. Hetz Ben Hamo wrote: > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 > for redhat 5.x - compiled and ready. > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. > > Hetz > > Omer wrote: > > > > Irrelevant. > > > > Most people will not upgrade the kernel on their own > > to the latest stable version, but rather would only > > upgrade using the official vendor errata. This is how > > it is for all of the big-time operating systems, and > > since Linux is poised to make it to the big time, you > > have to expect this practice to become a lot more common. > > > > To which: Say you're a RH user, using 5.x. > > > > You will be using RedHat's errata updated for 5.2. > > > > The latest kernel included is 2.0.36, not patched > > to fix this. > > > > Hetz Ben Hamo wrote: > > > > > > It fixed long time ago on kernel 2.0.38 > > > > > > Hetz > > > > > > Omer wrote: > > > > > > > > This was posted to BugTraq today, and it seemed > > > > important enough to pass on (even though if you are > > > > a sysadmin and do not regularly read BT, you might > > > > deserve what you get). > > > > > > > > It's what I'd call a HUGE problem, not > > > > merely a big problem (unless of course you have > > > > no local users). In any case, I'd chmod u-s /bin/ping > > > > immediatly, and be careful not to ping as root (if > > > > you're not sure you're up to it, better make it > > > > chmod 000 /bin/ping :) > > > > > > > > Message to BT follows... > > > > > > > > > > > > > > > > > Eduardo Cruz wrote: > > > > > > > > Hello ppl. > > > > > > > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > > > playing with the command ping and trying combinations of commands > > > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > > > > route) the system starts to print on the screen kernel dumps > > > > , freezes complitely and after few secconds the system reboots. > > > > > > > > The major problem with this (if this is a bug, because i dont have time > > > > to install differents kernels and test it better) is that command can be > > > > run by everyone > > > > because you dont need root permissions to make a -R. > > > > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > > > > on a 2.2.x the system prints out "message too long". > > > > I think the problem is that there is a size-check missed when u reach the > > > > maximun packet size and u put the route information, but anyway > > > > i am not a guru on kernels. > > > > > > > > So, now is time for the kernel experts :) > > > > > > > > --- > > > > Eduardo Cruz - [EMAIL PROTECTED] > > > > Network Administrator > > > > Telecomm Solutions Group > > > > Tel: +350 74146 Fax: +350 41781 > > > > --- > > > > > > > > -- > > > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > > > [ take a few minutes. If your body stops responding for a long time and ] > > > > [ there is no brain activity please die. Setup will continue after you ] > > > > [are reborn.] > > > > \---/ > > > > - Quoting Buzh, asr > > > > > > > > = > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > > > the word "unsubscribe" in the message body, e.g., run the command > > > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > -- > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > [ take a few minutes. If your body stops responding for a long time and ] > > [ there is no brain activity please die. Setup will continue after you ] > > [are reborn.] > > \---/ > > - Quoting Buzh, asr > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscr
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
This is much worse than it seems. First of all, a DoS attack could be very serious for a large site, as you mentioned. but of course, most large sites today are hosted on machines with no local servers. In addition, this could cause loss of data (imagine your machine freezing - yes, freezing, the bt post was not completely accurate - in the middle of a huge db sweep). BTW, no kidding, it's called a DoS attack? I never heard of those *cough* :) Nadav Har'El wrote: > > On Fri, Dec 10, 1999, Omer wrote about "[Fwd: [BUGTRAQ] Big problem on 2.0.x?]": > > This was posted to BugTraq today, and it seemed > > important enough to pass on (even though if you are > > a sysadmin and do not regularly read BT, you might > > deserve what you get). > > > > It's what I'd call a HUGE problem, not > > merely a big problem (unless of course you have > > no local users). In any case, I'd chmod u-s /bin/ping > > immediatly, and be careful not to ping as root (if > > you're not sure you're up to it, better make it > > chmod 000 /bin/ping :) > >.. > > > > I think that under most setups this is not such a "HUGE" problem. This > is indeed a big problem for a site with hundreds of curious shell users, > which like to try out if this indeed reboots the machine (remember the > Pentium lockup bug?). On machines used personally or as web servers, all > this bug means is that if someone can break into a regular account on your > server, then they reboot your machine, causing what is known as a DoS, a > Denial-of-Service attack because they can repeatedly reboot your machine. > DoS attacks can a big problem for some sites (e-commerce sites, or fbi.gov) > but much less to most sites, or to your home PC. > > A much scarier scenario, in my opinion, is that the intruder gains superuser > access (through bugs and loopholes in your system), or even worse: if someone > can break into your machine remotely, without even having to break into an > account on your machine (e.g., by using a bug in your FTP server, perhaps). > Both these types of attacks are common, are announced frequently on bugtraq, > and I've personally seen them happen twice (most sysadmins simply are unaware > that their machines have been broken into), and caught (in time) an attempt > to break into my home Linux machine connected through PPP (!). Now these are > HUGE problems. > > -- > Nadav Har'El|Friday, Dec 10 1999, 2 Tevet 5760 > [EMAIL PROTECTED] |- > Phone: +972-53-245868, ICQ 13349191 |Cats know what we feel. They don't care, > http://nadav.harel.org.il |but they know. > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] -- /--- Omer Efraim, [EMAIL PROTECTED] --\ [ Microsoft Vaccine 2000 is configuring your immune system. This may ] [ take a few minutes. If your body stops responding for a long time and ] [ there is no brain activity please die. Setup will continue after you ] [are reborn.] \---/ - Quoting Buzh, asr = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 for redhat 5.x - compiled and ready. Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. Hetz Omer wrote: > > Irrelevant. > > Most people will not upgrade the kernel on their own > to the latest stable version, but rather would only > upgrade using the official vendor errata. This is how > it is for all of the big-time operating systems, and > since Linux is poised to make it to the big time, you > have to expect this practice to become a lot more common. > > To which: Say you're a RH user, using 5.x. > > You will be using RedHat's errata updated for 5.2. > > The latest kernel included is 2.0.36, not patched > to fix this. > > Hetz Ben Hamo wrote: > > > > It fixed long time ago on kernel 2.0.38 > > > > Hetz > > > > Omer wrote: > > > > > > This was posted to BugTraq today, and it seemed > > > important enough to pass on (even though if you are > > > a sysadmin and do not regularly read BT, you might > > > deserve what you get). > > > > > > It's what I'd call a HUGE problem, not > > > merely a big problem (unless of course you have > > > no local users). In any case, I'd chmod u-s /bin/ping > > > immediatly, and be careful not to ping as root (if > > > you're not sure you're up to it, better make it > > > chmod 000 /bin/ping :) > > > > > > Message to BT follows... > > > > > > > > > > > > > Eduardo Cruz wrote: > > > > > > Hello ppl. > > > > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > > playing with the command ping and trying combinations of commands > > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > > > route) the system starts to print on the screen kernel dumps > > > , freezes complitely and after few secconds the system reboots. > > > > > > The major problem with this (if this is a bug, because i dont have time > > > to install differents kernels and test it better) is that command can be > > > run by everyone > > > because you dont need root permissions to make a -R. > > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > > > on a 2.2.x the system prints out "message too long". > > > I think the problem is that there is a size-check missed when u reach the > > > maximun packet size and u put the route information, but anyway > > > i am not a guru on kernels. > > > > > > So, now is time for the kernel experts :) > > > > > > --- > > > Eduardo Cruz - [EMAIL PROTECTED] > > > Network Administrator > > > Telecomm Solutions Group > > > Tel: +350 74146 Fax: +350 41781 > > > --- > > > > > > -- > > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > > [ take a few minutes. If your body stops responding for a long time and ] > > > [ there is no brain activity please die. Setup will continue after you ] > > > [are reborn.] > > > \---/ > > > - Quoting Buzh, asr > > > > > > = > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > > the word "unsubscribe" in the message body, e.g., run the command > > > echo unsubscribe | mail [EMAIL PROTECTED] > > -- > /--- Omer Efraim, [EMAIL PROTECTED] --\ > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > [ take a few minutes. If your body stops responding for a long time and ] > [ there is no brain activity please die. Setup will continue after you ] > [are reborn.] > \---/ > - Quoting Buzh, asr = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
Irrelevant. Most people will not upgrade the kernel on their own to the latest stable version, but rather would only upgrade using the official vendor errata. This is how it is for all of the big-time operating systems, and since Linux is poised to make it to the big time, you have to expect this practice to become a lot more common. To which: Say you're a RH user, using 5.x. You will be using RedHat's errata updated for 5.2. The latest kernel included is 2.0.36, not patched to fix this. Hetz Ben Hamo wrote: > > It fixed long time ago on kernel 2.0.38 > > Hetz > > Omer wrote: > > > > This was posted to BugTraq today, and it seemed > > important enough to pass on (even though if you are > > a sysadmin and do not regularly read BT, you might > > deserve what you get). > > > > It's what I'd call a HUGE problem, not > > merely a big problem (unless of course you have > > no local users). In any case, I'd chmod u-s /bin/ping > > immediatly, and be careful not to ping as root (if > > you're not sure you're up to it, better make it > > chmod 000 /bin/ping :) > > > > Message to BT follows... > > > > > > > > > Eduardo Cruz wrote: > > > > Hello ppl. > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > > playing with the command ping and trying combinations of commands > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > > route) the system starts to print on the screen kernel dumps > > , freezes complitely and after few secconds the system reboots. > > > > The major problem with this (if this is a bug, because i dont have time > > to install differents kernels and test it better) is that command can be > > run by everyone > > because you dont need root permissions to make a -R. > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > > on a 2.2.x the system prints out "message too long". > > I think the problem is that there is a size-check missed when u reach the > > maximun packet size and u put the route information, but anyway > > i am not a guru on kernels. > > > > So, now is time for the kernel experts :) > > > > --- > > Eduardo Cruz - [EMAIL PROTECTED] > > Network Administrator > > Telecomm Solutions Group > > Tel: +350 74146 Fax: +350 41781 > > --- > > > > -- > > /--- Omer Efraim, [EMAIL PROTECTED] --\ > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > > [ take a few minutes. If your body stops responding for a long time and ] > > [ there is no brain activity please die. Setup will continue after you ] > > [are reborn.] > > \---/ > > - Quoting Buzh, asr > > > > = > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > the word "unsubscribe" in the message body, e.g., run the command > > echo unsubscribe | mail [EMAIL PROTECTED] -- /--- Omer Efraim, [EMAIL PROTECTED] --\ [ Microsoft Vaccine 2000 is configuring your immune system. This may ] [ take a few minutes. If your body stops responding for a long time and ] [ there is no brain activity please die. Setup will continue after you ] [are reborn.] \---/ - Quoting Buzh, asr = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
On Fri, Dec 10, 1999, Omer wrote about "[Fwd: [BUGTRAQ] Big problem on 2.0.x?]": > This was posted to BugTraq today, and it seemed > important enough to pass on (even though if you are > a sysadmin and do not regularly read BT, you might > deserve what you get). > > It's what I'd call a HUGE problem, not > merely a big problem (unless of course you have > no local users). In any case, I'd chmod u-s /bin/ping > immediatly, and be careful not to ping as root (if > you're not sure you're up to it, better make it > chmod 000 /bin/ping :) >.. > I think that under most setups this is not such a "HUGE" problem. This is indeed a big problem for a site with hundreds of curious shell users, which like to try out if this indeed reboots the machine (remember the Pentium lockup bug?). On machines used personally or as web servers, all this bug means is that if someone can break into a regular account on your server, then they reboot your machine, causing what is known as a DoS, a Denial-of-Service attack because they can repeatedly reboot your machine. DoS attacks can a big problem for some sites (e-commerce sites, or fbi.gov) but much less to most sites, or to your home PC. A much scarier scenario, in my opinion, is that the intruder gains superuser access (through bugs and loopholes in your system), or even worse: if someone can break into your machine remotely, without even having to break into an account on your machine (e.g., by using a bug in your FTP server, perhaps). Both these types of attacks are common, are announced frequently on bugtraq, and I've personally seen them happen twice (most sysadmins simply are unaware that their machines have been broken into), and caught (in time) an attempt to break into my home Linux machine connected through PPP (!). Now these are HUGE problems. -- Nadav Har'El|Friday, Dec 10 1999, 2 Tevet 5760 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |Cats know what we feel. They don't care, http://nadav.harel.org.il |but they know. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
It fixed long time ago on kernel 2.0.38 Hetz Omer wrote: > > This was posted to BugTraq today, and it seemed > important enough to pass on (even though if you are > a sysadmin and do not regularly read BT, you might > deserve what you get). > > It's what I'd call a HUGE problem, not > merely a big problem (unless of course you have > no local users). In any case, I'd chmod u-s /bin/ping > immediatly, and be careful not to ping as root (if > you're not sure you're up to it, better make it > chmod 000 /bin/ping :) > > Message to BT follows... > > > > > Eduardo Cruz wrote: > > Hello ppl. > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was > playing with the command ping and trying combinations of commands > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record > route) the system starts to print on the screen kernel dumps > , freezes complitely and after few secconds the system reboots. > > The major problem with this (if this is a bug, because i dont have time > to install differents kernels and test it better) is that command can be > run by everyone > because you dont need root permissions to make a -R. > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this > on a 2.2.x the system prints out "message too long". > I think the problem is that there is a size-check missed when u reach the > maximun packet size and u put the route information, but anyway > i am not a guru on kernels. > > So, now is time for the kernel experts :) > > --- > Eduardo Cruz - [EMAIL PROTECTED] > Network Administrator > Telecomm Solutions Group > Tel: +350 74146 Fax: +350 41781 > --- > > -- > /--- Omer Efraim, [EMAIL PROTECTED] --\ > [ Microsoft Vaccine 2000 is configuring your immune system. This may ] > [ take a few minutes. If your body stops responding for a long time and ] > [ there is no brain activity please die. Setup will continue after you ] > [are reborn.] > \---/ > - Quoting Buzh, asr > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
[Fwd: [BUGTRAQ] Big problem on 2.0.x?]
This was posted to BugTraq today, and it seemed important enough to pass on (even though if you are a sysadmin and do not regularly read BT, you might deserve what you get). It's what I'd call a HUGE problem, not merely a big problem (unless of course you have no local users). In any case, I'd chmod u-s /bin/ping immediatly, and be careful not to ping as root (if you're not sure you're up to it, better make it chmod 000 /bin/ping :) Message to BT follows... Eduardo Cruz wrote: Hello ppl. Last week i was playing with my old linux 2.0.36 i486 box, while i was playing with the command ping and trying combinations of commands i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record route) the system starts to print on the screen kernel dumps , freezes complitely and after few secconds the system reboots. The major problem with this (if this is a bug, because i dont have time to install differents kernels and test it better) is that command can be run by everyone because you dont need root permissions to make a -R. I tested this on a 2.0.35 and .36 (both slackware), when u try to do this on a 2.2.x the system prints out "message too long". I think the problem is that there is a size-check missed when u reach the maximun packet size and u put the route information, but anyway i am not a guru on kernels. So, now is time for the kernel experts :) --- Eduardo Cruz - [EMAIL PROTECTED] Network Administrator Telecomm Solutions Group Tel: +350 74146 Fax: +350 41781 --- -- /--- Omer Efraim, [EMAIL PROTECTED] --\ [ Microsoft Vaccine 2000 is configuring your immune system. This may ] [ take a few minutes. If your body stops responding for a long time and ] [ there is no brain activity please die. Setup will continue after you ] [are reborn.] \---/ - Quoting Buzh, asr = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]