
Date:  Tue, 25 Aug 2009 08:35:17 +0100
From:  Steve Howes <steve (at mark) geekinter.net>
Subject:  [coba-e:15927] Re: {Spam?}  Re: Major Update Kernel Included - Update
To:  coba-e (at mark) bluequartz.org
Message-Id:  <A33CF79E-A5E1-4725-99E6-778759608583 (at mark) geekinter.net>
In-Reply-To:  <018a01ca252c$7e2a71a0$7a7f54e0$@com>
References:  <200908222022.n7MKMK6C008481 (at mark) ana.xnet.com.mx> <200908222315.16092.bq (at mark) solarspeed.net> <BAY107-W29A1C5A7B18145D7A68A4AD1FA0 (at mark) phx.gbl> <200908230453.02246.bq (at mark) solarspeed.net> <BAY107-W23704B74244845541039BAD1F80 (at mark) phx.gbl> <018a01ca252c$7e2a71a0$7a7f54e0$ (at mark) com>
X-Mail-Count: 15927

I'm only getting them once. Maybe it's a problem your end? You appear
to have a caps lock fault, maybe it is related.

Steve

On 25 Aug 2009, at 03:33, microv wrote:

> WHY AM I GETTING 2 OF EVERYONE'S MESSAGES FROM THIS LISTSERV? CAN IT BE
> FIXED?
>
>
> -----Original Message-----
> From: Tom W [mailto:midintertech (at mark) hotmail.com]
> Sent: Monday, August 24, 2009 10:14 PM
> To: coba-e (at mark) bluequartz.org
> Subject: {Spam?} [coba-e:15925] Re: Major Update Kernel Included - Update
>
>
> ----------------------------------------
>> Date: Sun, 23 Aug 2009 04:53:01 +0200
>> From: bq (at mark) solarspeed.net
>> Subject: [coba-e:15916] Re: Major Update Kernel Included
>> To: coba-e (at mark) bluequartz.org
>>
>> Hi Tom,
>>
>>> About the linux kernel vuln, wonder how long it's gonna take them
>>> to get out an update for it??
>>
>> I'm puzzled about that as well. My money was on last Monday for an
>> updated RHEL5 kernel and 11 days later for a CentOS5 kernel. But it
>> looks like RH is taking a different route this time. It appears they'll
>> provide a fix during the next "routine" kernel update and paying clients
>> can request a "hotfixed" kernel.
>>
>>> Even though they say it's local user, we have been reading reports, far
>>> too many for our comfort level, that say hacktards are using xss and
>>> other methods remotely to get hacks for this kernel problem onto systems
>>> as a local user and hacking quite a few boxes already!?
>>
>> Exactly so. It is always bad if lax security or an ill-designed
>> application (PHP script, etc.) allows someone local and unprivileged
>> access to the OS. That shouldn't happen in an ideal world, but in the
>> hosting business we see this far too often for various reasons. In
>> BlueOnyx we raised the bar for this by adding some extra layers of
>> protection beyond what BlueQuartz offers, but still: It ain't Fort Knox
>> and the admins might even choose to disable the extra security. All that
>> it then takes is another hole such as this kernel vulnerability and the
>> attacker can escalate his unprivileged local access to gain root access.
>>
>>> Has anybody tried the "workaround" they have listed on that redhat bug
>>> report by disabling some modules or know if that would actually help on
>>> our CentosBQ boxes?
>>
>> For BlueOnyx and CentOS5 we rolled up a patched kernel. It's just one
>> line of code that's changed and the new kernel appears to be both stable
>> and safe. For CentOS4 it should be equally trivial to roll up a fixed
>> kernel. I'd trust that more than the other suggested workarounds, which
>> I haven't tested.
>>
>>> I ran lsmod and didn't think I saw any of the modules loaded??
>>
>> Yeah, but they will be loaded if the kernel needs them. Unless you stop
>> the loading of kernel modules with a third party tool such as LCAP. But
>> the way this exploit works I'm not sure LCAP alone would prevent it.
>> Haven't tested that, though.
>>
>>> We also read that disabling selinux was a good idea but I don't think
>>> it's on by default in CentosBQ??
>>
>> SELinux is disabled by default on BlueQuartz and BlueOnyx. On a "normal"
>> CentOS it's typically set to enforcing mode, but that didn't stop the
>> exploit either in the default SELinux configuration used on RHEL and
>> CentOS.
>>
>> All in all I'm not a happy camper with this situation at hand. That
>> CentOS is late with handing down patches and that they never fix
>> something that RedHat doesn't fix upstream ... both of that ain't new.
>> But that RedHat sits this one out has me somewhat puzzled. Like said:
>> The issue is trivial to patch and that extra bit of Q&A should be easy
>> to shake loose for a giant like RedHat. But they leave the field to
>> Debian, Fedora Core and other distributions, who already jumped on it
>> and pushed out fixed kernels as fast as one ought to expect.
>>
>> --
>> With best regards,
>>
>> Michael Stauber
>>
>
> Hey they must have heard us griping! :P  In case someone missed
> it, CentOS released new kernels fixing the SOCKOPS_WRAP/sendpage
> bug and also another bug I hadn't even read about. We were pleasantly
> surprised because we were just about to try and roll our own kernel
> with the patch in ourselves which could have had interesting results.
> CentOS really got the kernel out fast considering Redhat just posted
> it today..
>
> They said it might take a little while for it to hit all the mirrors...
>
> kernel-2.6.9-89.0.9.EL
> http://lists.centos.org/pipermail/centos-announce/2009-August/016108.html
>
>
>
> Tom