Re: [WISPA] Kernel Patching
I still remember using a 4 bit microprocessor (4004 and 4040). On Mon, Sep 20, 2010 at 10:05 PM, RickG rgunder...@gmail.com wrote: I thought you were a 2 bit operator :P On Mon, Sep 20, 2010 at 11:00 PM, Robert West robert.w...@just-micro.com wrote: I'm a 2 bit operation. Really. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Mike Hammett Sent: Monday, September 20, 2010 10:43 PM To: WISPA General List Subject: Re: [WISPA] Kernel Patching There's a difference between a 2 bit operation and 2 bit code. :-p - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 9/20/2010 6:51 PM, Marco Coelho wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelleygl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h= c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. - --- WISPA Wants You! Join today! http://signup.wispa.org/ - --- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Marco C. Coelho Argon Technologies Inc. POB 875 Greenville, TX 75403-0875 903-455-5036 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Kernel Patching
Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelley gl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Marco C. Coelho Argon Technologies Inc. POB 875 Greenville, TX 75403-0875 903-455-5036 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
lol Red Hat has not actually pushed anything out yet - even though others have... makes me wonder what they are thinking On Sep 20, 2010, at 7:51 PM, Marco Coelho wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelley gl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Marco C. Coelho Argon Technologies Inc. POB 875 Greenville, TX 75403-0875 903-455-5036 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
How hard is it to find packages for 2bit OSes? :p On Sep 20, 2010 7:51 PM, Marco Coelho coelh...@gmail.com wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelley gl...@hostmedic.com wrote: Just a heads up. Tho... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Marco C. Coelho Argon Technologies Inc. POB 875 Greenville, TX 75403-0875 903-455-5036 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
I believe that is called shoe and leather - yes ? On Sep 20, 2010, at 7:51 PM, Marco Coelho wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelley gl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Marco C. Coelho Argon Technologies Inc. POB 875 Greenville, TX 75403-0875 903-455-5036 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
There's a difference between a 2 bit operation and 2 bit code. :-p - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 9/20/2010 6:51 PM, Marco Coelho wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelleygl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
I'm a 2 bit operation. Really. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Mike Hammett Sent: Monday, September 20, 2010 10:43 PM To: WISPA General List Subject: Re: [WISPA] Kernel Patching There's a difference between a 2 bit operation and 2 bit code. :-p - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 9/20/2010 6:51 PM, Marco Coelho wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelleygl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h= c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. - --- WISPA Wants You! Join today! http://signup.wispa.org/ - --- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Kernel Patching
I thought you were a 2 bit operator :P On Mon, Sep 20, 2010 at 11:00 PM, Robert West robert.w...@just-micro.comwrote: I'm a 2 bit operation. Really. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Mike Hammett Sent: Monday, September 20, 2010 10:43 PM To: WISPA General List Subject: Re: [WISPA] Kernel Patching There's a difference between a 2 bit operation and 2 bit code. :-p - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 9/20/2010 6:51 PM, Marco Coelho wrote: Thanks for the update. Thank goodness I run only 2 bit code! On Mon, Sep 20, 2010 at 6:40 PM, Glenn Kelleygl...@hostmedic.com wrote: Just a heads up. Those of you who are running Debian, CentOS, RedHat and other systems similar. There is a pretty big security flaw on the 64 bit side of these systems now labeled as CVE-2010-3081 In short The flaw identified by CVE-2010-3081 (Red Hat Bugzilla bug 634457) describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4. The compat_alloc_user_space() function is missing a sanity check on the length argument, and also a check to make sure the pointer to the block of memory in user-space that the process is attempting to write to is valid. This flaw was addressed via the upstream git commit c41d68a5 for the 2.6 Linux kernel. This function could be abused in other areas of the Linux kernel if the length argument can be controlled from user-space. A known example of this is the compat_mc_getsockopt() function for MCAST_MSFILTER that was introduced in upstream git commit 42908c69 (v2.6.26-rc1). You can easily fix this by implementing the patch located here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h= c41d68a513c71e35a14f66d71782d27a79a81ea6. As always - if you are stuck -please do not hesitate to contact me offlist - while the patch is from 9/19/10 - many wispa's have not patched their systems simply because they don't know they needed to. As always - when in doubt check the security lists out :-) _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. - --- WISPA Wants You! Join today! http://signup.wispa.org/ - --- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
