Hi all. Julien Tinnes and Tavis Ormandy from the Google Security Team have recently found a Linux kernel vulnerability which affects all 2.4 and 2.6 kernels since 2001 on all architectures. Please read the announcement on LWM: http://lwn.net/Articles/347006/ for further information about the vulnerability and the exploit which has been provided by Brad Spengler (you will find updates on his twitter site). The only workaroud that is known to me atm is to disable the affected kernel modules (which should be handled with care as some of them may provide necessary functionality in your operating environment): echo "alias net-pf-3 off # Amateur Radio AX.25 alias net-pf-4 ipx # IPX alias net-pf-5 off # DDP / AppleTalk alias net-pf-9 off # X.25 # alias net-pf-10 off # IPv6 alias net-pf-23 off # IrDA alias net-pf-24 # PPPoE alias net-pf-31 off # Bluetooth" >> /etc/modprobe.conf Best Regards Marcus
Marcus Moeller wrote on Fri, 14 Aug 2009 14:24:39 +0200:> The only workaroud that is known to me atm is to disable the affected > kernel modules (which should be handled with care as some of them may > provide necessary functionality in your operating environment):If vm.mmap_min_addr is > 0 you are also not affected, at least not by that exploit. http://www.h-online.com/security/Critical-vulnerability-in-the-Linux- kernel-affects-all-versions-since-2001--/news/114004 CentOS 5 has it sent to 65536 by default. CentoS 4 should be vulnerable. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com