
Date:  Tue, 25 Aug 2009 06:15:19 -0700
From:  "Doug Harvey" <dwh1958 (at mark) gmail.com>
Subject:  [coba-e:15931] Re: {Spam?}  Re: {Spam?}  Re: Major Update Kernel Included - Update
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <4a93e3f6.0d84100a.4427.0437 (at mark) mx.google.com>
In-Reply-To:  <01c101ca2584$92117990$b6346cb0$@com>
X-Mail-Count: 15931

I'm only getting a single email from each of the posters...

 

-----Original Message-----
From: microv [mailto:microv (at mark) microvisionfl.com] 
Sent: Tuesday, August 25, 2009 6:04 AM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:15929] Re: {Spam?} Re: {Spam?} Re: Major Update Kernel
Included - Update

No caps lock problem here. I was shouting...... It's annoying. It's not on
my end. It's coming to the same email 3 different times. Who is the
moderator? 

-----Original Message-----
From: Steve Howes [mailto:steve (at mark) geekinter.net]
Sent: Tuesday, August 25, 2009 3:35 AM
To: coba-e (at mark) bluequartz.org
Subject: {Spam?} [coba-e:15927] Re: {Spam?} Re: Major Update Kernel Included
- Update

I'm only getting them once. Maybe it's a problem your end? You appear to have
a caps lock fault, maybe it is related.

Steve

On 25 Aug 2009, at 03:33, microv wrote:

> WHY AM I GETTING 2 OF EVERYONE'S MESSAGES FROM THIS LISTSERV? CAN IT 
> BE FIXED?
>
>
> -----Original Message-----
> From: Tom W [mailto:midintertech (at mark) hotmail.com]
> Sent: Monday, August 24, 2009 10:14 PM
> To: coba-e (at mark) bluequartz.org
> Subject: {Spam?} [coba-e:15925] Re: Major Update Kernel Included - 
> Update
>
>
> ----------------------------------------
>> Date: Sun, 23 Aug 2009 04:53:01 +0200
>> From: bq (at mark) solarspeed.net
>> Subject: [coba-e:15916] Re: Major Update Kernel Included
>> To: coba-e (at mark) bluequartz.org
>>
>> Hi Tom,
>>
>>> About the linux kernel vuln, wonder how long its gonna take them to 
>>> get out an update for it??
>>
>> I'm puzzled about that as well. My money was on last Monday for an
>> updated RHEL5 kernel and 11 days later for a CentOS5 kernel. But it
>> looks like RH is taking a different route this time. It appears they'll
>> provide a fix during the next "routine" kernel update and paying
>> clients can request a "hotfixed" kernel.
>>
>>> Even though they say it's local user, we have been reading reports,
>>> far too many for our comfort level, that say hacktards are using xss
>>> and other methods remotely to get hacks for this kernel problem onto
>>> systems as a local user and hacking quite a few boxes already!?
>>
>> Exactly so. It is always bad if lax security or an ill designed
>> application (PHP script, etc.) allows someone local and unprivileged
>> access to the OS. That shouldn't happen in an ideal world, but in the
>> hosting business we see this far too often for various reasons. In
>> BlueOnyx we raised the bar for this by adding some extra layers of
>> protection beyond what BlueQuartz offers, but still: It ain't Fort Knox
>> and the admins might even choose to disable the extra security. All
>> that it then takes is another hole such as this kernel vulnerability
>> and the attacker can escalate his unprivileged local access to gain
>> root access.
>>
>>> Has anybody tried the "workaround" they have listed on that redhat
>>> bug report by disabling some modules or know if that would actually
>>> help on our CentosBQ boxes?
>>
>> For BlueOnyx and CentOS5 we rolled up a patched kernel. It's just one
>> line of code that's changed and the new kernel appears to be both
>> stable and safe. For CentOS4 it should be equally trivial to roll up a
>> fixed kernel. I'd trust that more than the other suggested
>> workarounds, which I haven't tested.
>>
>>> I ran lsmod and didn't think I saw any of the modules loaded??
>>
>> Yeah, but they will be loaded if the kernel needs them. Unless you
>> stop the loading of kernel modules with a third party tool such as
>> LCAP. But the way this exploit works I'm not sure LCAP alone would
>> prevent it. Haven't tested that, though.
>>
>>> We also read that disabling selinux was a good idea but I don't
>>> think it's on by default in CentosBQ??
>>
>> SELinux is disabled by default on BlueQuartz and BlueOnyx. On a
>> "normal" CentOS it's typically set to enforcing mode, but that didn't
>> stop the exploit either in the default SELinux configuration used on
>> RHEL and CentOS.
>>
>> All in all I'm not a happy camper with this situation at hand. That
>> CentOS is late with handing down patches and that they never fix
>> something that RedHat doesn't fix upstream ... both of that ain't new.
>> But that RedHat sits this one out has me somewhat puzzled. Like said:
>> The issue is trivial to patch and that extra bit of Q&A should be easy
>> to shake loose for a giant like RedHat. But they leave the field to
>> Debian, Fedora Core and other distributions, who already jumped on it
>> and pushed out fixed kernels as fast as one ought to expect.
>>
>> --
>> With best regards,
>>
>> Michael Stauber
>>
>
> Hey they must have heard us griping! :P  In case someone missed it,
> CentOS released new kernels fixing the SOCKOPS_WRAP/sendpage bug and
> also another bug I hadn't even read about. We were pleasantly
> surprised because we were just about to try and roll our own kernel
> with the patch in ourselves which could have had interesting results.
> CentOS really got the kernel out fast considering Redhat just posted
> it today..
>
> They said it might take a little while for it to hit all the mirrors...
>
> kernel-2.6.9-89.0.9.EL
> http://lists.centos.org/pipermail/centos-announce/2009-August/016108.html
>
>
>
> Tom
>
>
>
> --
> This message has been scanned for viruses and dangerous content by Our 
> MailScanner, and is believed to be clean.
>
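
Added example, not part of the thread: a shell check of whether a CentOS 4 box is running a kernel at or past the fixed build named above (kernel-2.6.9-89.0.9.EL). The function names and the sample release strings in the comments are constructed for illustration; an older build number does not prove a box is exploitable, since a self-built patched kernel (as described in the thread) may carry a lower number.

```shell
#!/bin/sh
# Fixed CentOS 4 build, taken from the announcement quoted in the thread.
FIXED_EL4="2.6.9-89.0.9.EL"

# Compare two dotted build numbers ("89.0.3" vs "89.0.9") field by field,
# numerically, so that 89.0.11 sorts after 89.0.9. A missing field counts as 0.
# Prints -1, 0 or 1.
cmp_build() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) { print "-1"; exit }
            if (p > q) { print "1"; exit }
        }
        print "0"
    }'
}

# Classify a kernel release string (as printed by `uname -r`).
# Prints: at-or-after-fixed | older-than-fixed | not-el4 | unparsed
check_el4_kernel() {
    rel=$1
    case "$rel" in
        2.6.9-*.EL*) ;;                          # CentOS/RHEL 4 series, e.g. 2.6.9-89.0.3.ELsmp
        *-*) echo "not-el4"; return 0 ;;         # other series: the thread gives no fixed build
        *)   echo "unparsed"; return 0 ;;
    esac
    build=${rel#*-};       build=${build%%.EL*}  # "89.0.3.ELsmp" -> "89.0.3"
    fixed=${FIXED_EL4#*-}; fixed=${fixed%%.EL*}  # "89.0.9"
    if [ "$(cmp_build "$build" "$fixed")" -lt 0 ]; then
        echo "older-than-fixed"
    else
        echo "at-or-after-fixed"
    fi
}

# Check the running kernel, not just the installed package: an updated
# kernel RPM has no effect until the box is rebooted into it.
echo "running kernel $(uname -r): $(check_el4_kernel "$(uname -r)")"
```
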


