Page 1 of 4 123 ... LastLast
Results 1 to 10 of 40

Thread: "Hole in the Linux kernel allows root access" - Do we have to worry?

  1. #1
    Join Date
    Oct 2007
    Location
    Mystic Ruin
    Beans
    Hidden!

    Question "Hole in the Linux kernel allows root access" - Do we have to worry?

    There is mention of some hole in the linux kernel that could allow someone to access the system with root privilages, sense root account is disabled by default is it something us Ubuntu users have to be concerned about?

    See Article for details.
    Article: http://www.h-online.com/open/news/it...ss-850016.html
    Diaspora Handle: masternetra@diasp.org

  2. #2
    Join Date
    Apr 2008
    Location
    RiceMonsterland, Canada
    Beans
    Hidden!

    Re: "Hole in the Linux kernel allows root access" - Do we have to worry?

    This vulnerability was fixed a few months ago.
    Code:
    while true; do echo -n "RiceMonster "; done
    Best thread ever

  3. #3
    Join Date
    Feb 2008
    Location
    Missoula, MT, USA
    Beans
    Hidden!
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: "Hole in the Linux kernel allows root access" - Do we have to worry?

    According to the (somewhat inaccurate, IMHO) summary on Slashdot, the bug is "mitigated" in most major distros at this point. Apparently it's not fixed yet in Red Hat Enterprise Linux. How that translates into "virtually all production versions in use at the moment (are) vulnerable" (as the /. summary quoting the article says) I don't understand, unless you count the fact that it's fixed via workaround rather than via code in the kernel.

    I think I should file a bug report on the writer himself for that one.
    Direct complaints and/or flames to /dev/null for faster service.
    Everyone who chanted "Drill, baby, drill!" in 2008 now has to report to the coast of the Gulf of Mexico for oil-spill cleanup duty.

  4. #4
    Join Date
    Oct 2007
    Location
    Mystic Ruin
    Beans
    Hidden!

    Re: "Hole in the Linux kernel allows root access" - Do we have to worry?

    Oh ok, so thats a no we don't have to worry about it. ^.^
    Diaspora Handle: masternetra@diasp.org

  5. #5
    Join Date
    Dec 2006
    Beans
    217

    Re: "Hole in the Linux kernel allows root access" - Do we have to worry?

    if you have a kernel before 2.6.32 yes, ubuntu does have root, you just can't login as root. The vulnerability is minimised unless you have wine or dosbox installed in which case it is still there. If you run
    Code:
    cat /proc/sys/vm/mmap_min_addr
    if you get 0 you are bulnerable
    if you get >0 you are safe

    edit erm when i said >0 i think i was wrong it has to be a big number
    Last edited by Xbehave; November 5th, 2009 at 04:27 AM.

  6. #6
    Join Date
    Aug 2006
    Location
    Gallatin Tennessee
    Beans
    353
    Distro
    Lubuntu

    Question Hole in Linux allows Root Access?

    Hi All

    I read this article; Is this affecting all distros? The article did not specify as far as I can tell

    http://www.linuxtoday.com/news_story...4-017-35-SC-KN
    There's always a workaround; finding it is the hard part.

  7. #7
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Hole in Linux allows Root Access?

    According to the article, you will only be affected if you use wine or dosemu. It wouldn't surprise me to see a kernel update in the next couple of days.

  8. #8
    Join Date
    Feb 2008
    Beans
    794
    Distro
    Ubuntu

    Re: Hole in Linux allows Root Access?

    Think it's all Linux versions on kernels BELOW 2.6.32- which are prone to this issue.

    So that's probably affecting everyone, except the people compiling their own latest 2.6.32 kernels.

    What kernel is Lucid Lynx (or what ever 10.04 is called) going to be using?
    Laters...
    Sol
    "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere" User numbers: Ubuntu 23772 Linux 477911

  9. #9
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Hole in Linux allows Root Access?

    While this bug has not been fixed in the kernel yet, almost all distros have "worked around" it by adjusting the mmap_min_addr value. Karmic has fixed this issue by default already. The only major distro to not fix it is Fedora.

    Here's how you can check if you are vulnerable:

    Code:
    cat /proc/sys/vm/mmap_min_addr
    If that command returns a value other than 0, you are safe. (My Karmic install returns 65536). If you do see 0, then you can fix it by typing:

    Code:
    sysctl -w vm.mmap_min_addr="65536"
    This exploit is actually over a month old and it fails me why this is even news at all. This article goes into more detail. And this article provides the fix I just posted.

    Again, no Ubuntu users have anything to worry about here.

  10. #10
    Join Date
    Jan 2006
    Beans
    Hidden!

    Re: Hole in Linux allows Root Access?

    I get a 0 from that command. I'm using Karmic..
    Great links: Tutorials & Tips Forum - GNOME System Administration Guide - Bash-Scripting Guide
    Remember: Please mark your thread as [ SOLVED ] if you found a working solution!

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •