[lug] Linux sysctl() Kernel Memory Reading Vulnerability
Justin
glow at jackmoves.com
Thu Feb 15 13:10:35 MST 2001
I just noticed this on securityfocus.com. I'm running a 2.2.15 kernel
on my 3 "production" boxes and don't really want to have to upgrade
them all if it's not absolutely necessary. Now there is a fix for
kernels that requires you to compile a kernel module sysctl_fix.c. Do I
just use the source code that is provided and compile it with the
command they give you? Does this replace an existing kernel include
file or something? The exploit I'm referencing is located at:
http://www.securityfocus.com/frames/index.html?focus=linux
If you go to the solution tab you can see what I'm talking about.
Thanks for any help.
Justin
-----
glow at jackmoves.com
www.jackmoves.com
More information about the LUG
mailing list