> Critical Kernel Vulnerability, Patch your kernels!
hughesjr
post Mar 8 2004, 09:02 AM
Post #1


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Christi, TX, USA
Member No.: 1,151



I don't normally do this in tech support .... but there is a kernel issue that allows a local user to gain root privs on the computer, and it affects all standard linux kernels 2.2.0 - 2.2.25, 2.4.0 - 2.4.24, 2.6.0 - 2.6.2 ...(ie virtually all current Linux kernels except 2.4.25 and 2.6.3) ... something similar led to the break-ins on the Debian.org server machines earlier...

So if someone can get regular user access on your machine ... without the updates, they can also get root.

There is an entry already in the Security Advisories section on this issue....and how to fix it for many Distros....


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Corey
post Mar 8 2004, 11:20 AM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 1,254
Joined: 21-September 02
From: St John's, Newfoundland, Canada
Member No.: 3



Very scary stuff, thanks for the post, I wasn't aware of this until I read your post. This may lead to some people bashing linux for not being as secure as other operating systems, but I think this goes to show how quickly vulnerabilities get out there, and how quick the kernel team are at patching these problems. Providing system admins read potential vulnerabilities and patch their systems, this shouldn't be much of an issue.


--------------------
Corey Quilliam
(former) Linuxhelp.ca Administrator
cquilliam-AT-gmail-dot-com

Want to help out Linuxhelp.net? Check out our Linuxhelp Wiki and see if there are some articles you would like to submit!!

--
Ubuntu 8.04 64-bit - Work Laptop (HP-Compaq NC6400 Core2)
Kubuntu 8.04 64-bit - Desktop (HP m8120n QuadCore)
Ubuntu 6.04 - Server (I'm not upgrading this baby until support runs out in 2012) (Some old POS dell)
hughesjr
post Mar 8 2004, 06:59 PM
Post #3





Linux is more secure (by far) than windows ...

heck, the latest virus for windows (w32.beagle.j@mm) opens a trojan directly and writes to registry areas that only admins should be able to as a non admin user. It was found on 3/2/04 ... The virus definitions from 2/18/04 (2 weeks before it was found) would prevent it from infecting your PC ... and already (in 6 days) several thousands of computers are infected with the virus ... allowing complete access to admin functions by anyone who can scan for open port 2745....

Install the patches and be safe ... and this is a major issue, but it pales in comparison to something that opens a direct port in with admin level access.


mianve
post Mar 9 2004, 10:02 AM
Post #4


Whats this Lie-nix Thing?
*

Group: Members
Posts: 22
Joined: 8-March 04
From: Louisiana, U.S.A.
Member No.: 2,540



Quick question. How do you check to see which version of the kernel you are using?
Joey
post Mar 9 2004, 10:17 AM
Post #5


LinuxHelp Admin
*******

Group: Admin
Posts: 1,096
Joined: 18-September 02
Member No.: 1



uname -r
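Added example, not part of any post in this thread: a shell function that compares the output of uname -r with the affected ranges quoted in post #1. The function name and status strings are made up for this example; distribution kernels that carry a backported fix under an older version number still show as in range, so check the distribution's advisory too.

```shell
#!/bin/sh
# Added example (not from the thread). kernel_status and its status
# strings are hypothetical names chosen for this sketch.
# Ranges from post #1: 2.2.0-2.2.25, 2.4.0-2.4.24, 2.6.0-2.6.2.

kernel_status() {
    rel=${1:-$(uname -r)}

    # Pre-release kernels (-rc, -pre) are not covered by the ranges.
    case $rel in
        *-rc*|*-pre*) echo "check-manually"; return 0 ;;
    esac

    # Keep only the leading numeric part: "2.4.24-1-686" -> "2.4.24".
    base=${rel%%[!0-9.]*}
    case $base in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "check-manually"; return 0 ;;
    esac

    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}      # drop a fourth component such as ".1"

    # Highest affected patch level for each series named in the post.
    case "$major.$minor" in
        2.2) max=25 ;;
        2.4) max=24 ;;
        2.6) max=2 ;;
        *) echo "outside-affected-range"; return 0 ;;
    esac

    if [ "$patch" -le "$max" ]; then
        echo "in-affected-range"
    else
        echo "outside-affected-range"
    fi
}

# With no argument, classify the running kernel.
kernel_status "$@"
```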
Termina
post Mar 11 2004, 10:31 AM
Post #6


RMS is my Hero
******

Group: Support Specialist
Posts: 862
Joined: 18-February 04
From: Wisconsin
Member No.: 2,404



There wouldn't happen to be some quick and painless way to use apt-get to patch a kernel, would there be? XD

Last time I tried to switch to 2.6.3 kernel (downloaded the source) by following a guide (On this site I think), I was unable to do so (some problems, don't remember what).


No offense, but it is true in a sense that linux is less secure out of the box than windows (And windows has a nifty Windows automatic update feature). I'm sure linux is more secure if you've spent days securing it, but for home users, it seems that windows is safer. :)


--------------------
*Points finger at the author above him* They're a witch! Burn them!
---
Visit my website!
Join me in IRC! Server: st0rage.org Channel: #UnhandledExceptions
hughesjr
post Mar 11 2004, 03:36 PM
Post #7





Windows is very unsecure in the default setup ... all versions except XP have no firewall (and XP's isn't turned on by default). Meaning that without buying other software (like ZoneAlarm), people can connect to your port 135/139 and read any shares you have. On the server side, Worms like CodeRed II and Nimda will connect to an unpatched IIS server and install a trojan during normal operations ... and then your IIS server will start infecting other IIS servers.

When you put Office and Outlook in the mix, if you have the preview feature turned on for e-mail, scripts can execute without you actually opening your e-mail and if you don't have the latest anti-virus software installed with the latest patches.

Internet Explorer all the time has vulnerabilities that allow trojans to be run by just visiting an infected site.

Since there is no default firewall, all anyone has to do is scan for the open windows trojans ... take control of the PCs, then use them for doing DDoS attacks, for forwarding spam, etc. Comcast is turning off people's cable who are infected with trojans until they get them cleaned to try and cut back on the SPAM that is unknowingly sent out on its cable network.

Contrast that with a linux setup, that defaults with iptables on, and you have to specifically allow ports in or turn off the firewall before anyone can connect to your PC from the outside.

Windows is much easier to use (for the average home user) than Linux, it certainly has more software and hardware support from third parties .... and Windows Update is easier to use than most Linux update methods ... I will give you that. It is not very secure, however.
-------------------------------------------------------------
You can use dselect in debian to get a new kernel ... you want to first do:

apt-get update

then

dselect update

then

dselect

dselect is menu driven ... go to select and then:

You want to pick a kernel-image that is right for your machine ... if you use the / key, you can then type kernel-image ... then just use / and press enter to find the same thing (kernel image).

Do you use grub as your boot loader or lilo ...


Termina
post Mar 11 2004, 05:23 PM
Post #8





O_O

*backs away slowly* Fair enough then. ^_^ Thanks

Oh, I use lilo (sorry for late reply)


hughesjr
post Mar 20 2004, 08:29 AM
Post #9





@termina

Hey ... not only is your ATI video working ... you now have a 2.4.25 slackware kernel (which makes you not vulnerable to this problem) ... at least on that machine :)


Termina
post Mar 22 2004, 10:48 AM
Post #10





Indeed!

And it's all thanks to me. *darts eyes around before cackling crazily*

Thanks for the help on that, btw. ^_^

