[lug] Linux sysctl() Kernel Memory Reading Vulnerability
D. Stimits
stimits at idcomm.com
Thu Feb 15 17:29:47 MST 2001
Justin wrote:
>
> Well my boxes do meet the requirements you mentioned, although getting
> the patch in seems like a sketchy process. I noticed the exploit was
> local too, would users connected to the box via ssh or telnet be
> considered local? One of the machines is a shell server which has users
> connected to it 24/7. However, I don't suspect any of my users would
> try to exploit the box, I don't want to overlook a potential security
> hole. Thanks for your help...
Anyone with a real user account that logs in via ssh or telnet would be
local once logged in. Adding that as a module probably would not disrupt
your regular kernel, provided you have your kernel source available and
configured to match the installed system already. It wouldn't hurt to
try to compile it and see if it fails or not; the question then is
whether you want to install it or test it. Modules are just
that...separate plugin items that can extend the kernel and be added or
removed at will.
>
> Justin
>
> > I didn't try to compile or use the fix, but here is what it looks
> like.
> > This is an independent module that does not require patching the
> actual
> > kernel. But for it to compile correctly, you'd need the current kernel
> > source to be both installed AND matching your running system. Then you
> > add the module somewhere within your module directory (depending on
> > version and preferences), followed by something like depmod -a to tell
> > it to update module info. It *looks* like this is a new module, and
> not
> > a replacement for anything existing. Since I haven't tested this,
> > consider it only advice. FYI, it does not appear to be a remote
> exploit,
> > so a user would need local access to use it.
> >
> > D. Stimits, stimits at idcomm.com
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
> >
>
> -----
> glow at jackmoves.com
> www.jackmoves.com
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list