Date:  Sat, 22 Aug 2009 20:55:40 -0500
From:  Tom W <midintertech (at mark) hotmail.com>
Subject:  [coba-e:15915] Re: Major Update Kernel Included
To:  "coba-e (at mark) bluequartz.org" <coba-e (at mark) bluequartz.org>
Message-Id:  <BAY107-W29A1C5A7B18145D7A68A4AD1FA0 (at mark) phx.gbl>
In-Reply-To:  <200908222315.16092.bq (at mark) solarspeed.net>
References:  <200908222022.n7MKMK6C008481 (at mark) ana.xnet.com.mx> <200908222315.16092.bq (at mark) solarspeed.net>
X-Mail-Count: 15915


----------------------------------------
> Date: Sat, 22 Aug 2009 23:15:15 +0200
> From: bq (at mark) solarspeed.net
> Subject: [coba-e:15913] Re: Major Update Kernel Included
> To: coba-e (at mark) bluequartz.org
>
> Hi Rodrigo,
>
>> We are doing the Centos Updates released today,
>>
>> Anyone with good / bad news after updating
>
> I just did two updates of BlueQuartz boxes from CentOS 4.7 to CentOS 4.8. One
> was a stand alone box, the other one a VPS on Aventurin{e}.
>
> Both rebooted without hitches and came back with no surprises.
>
> So it looks good so far. Except that CentOS 4.8 is about 14-15 weeks late.
> They really took their time with it. :o/
>
> And the included (new) kernel still has the vulnerability CVE-2009-2692
> which allows local users to gain root access:
>
> http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
> https://bugzilla.redhat.com/show_bug.cgi?id=516949#c10
>
> --
> With best regards,
>
> Michael Stauber
>


As to the long time coming CentOS 4.8 updates, we have installed 
them on one box so far as a test and it seems ok so far.

About the Linux kernel vuln, wonder how long it's gonna take them
to get out an update for it?? Even though they say it's local user,
we have been reading reports, far too many for our comfort level,
that say hacktards are using XSS and other methods remotely to get
hacks for this kernel problem onto systems as a local user and hacking
quite a few boxes already!? Red Hat, CentOS only have it marked as
important but to me it sounds more critical. Has anybody tried the
"workaround" they have listed on that Red Hat bug report by disabling
some modules or know if that would actually help on our CentosBQ boxes?
I ran lsmod and didn't think I saw any of the modules loaded?? We also
read that disabling SELinux was a good idea but I don't think it's on by
default in CentosBQ??

Quote from Red Hat Bugzilla report:

"** On Red Hat Enterprise Linux 4 and 5, add these entries to the end of 
the /etc/modprobe.conf file: 
install pppox /bin/true 
install bluetooth /bin/true 
install sctp /bin/true 

Note that the sctp module cannot be 
unloaded in the running kernel if it is already loaded. You will need 
to make the changes in the /etc/modprobe.conf file and do a reboot. "



Tom  
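
Added example, not part of the original message or of the Red Hat report: a small shell audit that checks, for the three modules named in the quoted workaround, whether the "install ... /bin/true" entry is present and whether the module is still loaded (the case the quoted note says needs a reboot). The function names and sample data are constructed for illustration, and it assumes the entries live in a single modprobe.conf-style file.

```shell
#!/bin/sh
# Added example: audit the quoted /etc/modprobe.conf workaround on one host.
# Function names are hypothetical; only modprobe.conf is read (assumption).
MODULES="pppox bluetooth sctp"   # the three modules named in the quote

# is_blocked MODULE CONF: true if CONF has "install MODULE /bin/true".
# A commented-out entry does not count, because its first field is not "install".
is_blocked() {
    awk -v m="$1" '$1 == "install" && $2 == m && $3 == "/bin/true" { found = 1 }
                   END { exit !found }' "$2"
}

# is_loaded MODULE LIST: true if MODULE is the first field of a line in LIST
# (/proc/modules or saved lsmod output).
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# audit CONF LIST: one status line per module; returns 1 if any module is
# not blocked, or is blocked but still loaded (reboot still needed).
audit() {
    status=0
    for m in $MODULES; do
        b=no; l=no
        if is_blocked "$m" "$1"; then b=yes; fi
        if is_loaded "$m" "$2"; then l=yes; fi
        echo "$m blocked=$b loaded=$l"
        if [ "$b" = no ] || [ "$l" = yes ]; then status=1; fi
    done
    return "$status"
}

# Constructed sample data, not from a real host: bluetooth has no entry and
# sctp is blocked in the file but was already loaded before the edit.
demo() {
    d=$(mktemp -d)
    printf 'install pppox /bin/true\ninstall sctp /bin/true\n' > "$d/conf"
    printf 'sctp 151585 2 - Live 0xf8a5d000\next3 116809 2 - Live 0xf88a3000\n' > "$d/mods"
    ret=0
    audit "$d/conf" "$d/mods" || ret=$?
    rm -rf "$d"
    return "$ret"
}

demo || echo "workaround incomplete on the sample data"
# On a real box: audit /etc/modprobe.conf /proc/modules
```

A non-zero return from audit means at least one of the three modules can still be loaded or is already resident.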
