Date:  Tue, 25 Aug 2009 10:32:50 -0400
From:  "Darrell D. Mobley" <dmobley (at mark) uhostme.com>
Subject:  [coba-e:15938] Re: {Spam?}  Re: Major Update Kernel Included - Update
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <A92E3DDC4A0949D5B01EFF1547D9B1F0@HP9925NR>
In-Reply-To:  <A33CF79E-A5E1-4725-99E6-778759608583 (at mark) geekinter.net>
References:  <200908222022.n7MKMK6C008481 (at mark) ana.xnet.com.mx> <200908222315.16092.bq (at mark) solarspeed.net> <BAY107-W29A1C5A7B18145D7A68A4AD1FA0 (at mark) phx.gbl> <200908230453.02246.bq (at mark) solarspeed.net> <BAY107-W23704B74244845541039BAD1F80 (at mark) phx.gbl> <018a01ca252c$7e2a71a0$7a7f54e0$ (at mark) com> <A33CF79E-A5E1-4725-99E6-778759608583 (at mark) geekinter.net>
X-Mail-Count: 15938

LOL!

> -----Original Message-----
> From: Steve Howes [mailto:steve (at mark) geekinter.net]
> Sent: Tuesday, August 25, 2009 3:35 AM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:15927] Re: {Spam?} Re: Major Update Kernel Included -
> Update
> 
> I'm only getting them once. Maybe it's a problem your end? You appear
> to have a caps lock fault, maybe it is related.
> 
> Steve
> 
> On 25 Aug 2009, at 03:33, microv wrote:
> 
> > WHY AM I GETTING 2 OF EVERYONE'S MESSAGES FROM THIS LISTSERV? CAN IT
> > BE FIXED?
> >
> >
> > -----Original Message-----
> > From: Tom W [mailto:midintertech (at mark) hotmail.com]
> > Sent: Monday, August 24, 2009 10:14 PM
> > To: coba-e (at mark) bluequartz.org
> > Subject: {Spam?} [coba-e:15925] Re: Major Update Kernel Included -
> > Update
> >
> >
> > ----------------------------------------
> >> Date: Sun, 23 Aug 2009 04:53:01 +0200
> >> From: bq (at mark) solarspeed.net
> >> Subject: [coba-e:15916] Re: Major Update Kernel Included
> >> To: coba-e (at mark) bluequartz.org
> >>
> >> Hi Tom,
> >>
> >>> About the linux kernel vuln, wonder how long it's gonna take them
> >>> to get out an update for it??
> >>
> >> I'm puzzled about that as well. My money was on last Monday for an
> >> updated RHEL5 kernel and 11 days later for a CentOS5 kernel. But it
> >> looks like RH is taking a different route this time. It appears
> >> they'll provide a fix during the next "routine" kernel update and
> >> paying clients can request a "hotfixed" kernel.
> >>
> >>> Even though they say it's local user, we have been reading reports,
> >>> far too many for our comfort level, that say hacktards are using xss
> >>> and other methods remotely to get hacks for this kernel problem onto
> >>> systems as a local user and hacking quite a few boxes already!?
> >>
> >> Exactly so. It is always bad if lax security or an ill-designed
> >> application (PHP script, etc.) allows someone local and unprivileged
> >> access to the OS. That shouldn't happen in an ideal world, but in the
> >> hosting business we see this far too often for various reasons. In
> >> BlueOnyx we raised the bar for this by adding some extra layers of
> >> protection beyond what BlueQuartz offers, but still: It ain't Fort
> >> Knox and the admins might even choose to disable the extra security.
> >> All that it then takes is another hole such as this kernel
> >> vulnerability and the attacker can escalate his unprivileged local
> >> access to gain root access.
> >>
> >>> Has anybody tried the "workaround" they have listed on that redhat
> >>> bug report by disabling some modules or know if that would actually
> >>> help on our CentosBQ boxes?
> >>
> >> For BlueOnyx and CentOS5 we rolled up a patched kernel. It's just
> >> one line of code that's changed and the new kernel appears to be both
> >> stable and safe. For CentOS4 it should be equally trivial to roll up
> >> a fixed kernel. I'd trust that more than the other suggested
> >> workarounds, which I haven't tested.
> >>
> >>> I ran lsmod and didn't think I saw any of the modules loaded??
> >>
> >> Yeah, but they will be loaded if the kernel needs them. Unless you
> >> stop the loading of kernel modules with a third party tool such as
> >> LCAP. But the way this exploit works I'm not sure LCAP alone would
> >> prevent it. Haven't tested that, though.
> >>
> >>> We also read that disabling selinux was a good idea but I don't
> >>> think it's on by default in CentosBQ??
> >>
> >> SELinux is disabled by default on BlueQuartz and BlueOnyx. On a
> >> "normal" CentOS it's typically set to enforcing mode, but that didn't
> >> stop the exploit either in the default SELinux configuration used on
> >> RHEL and CentOS.
> >>
> >> All in all I'm not a happy camper with this situation at hand. That
> >> CentOS is late with handing down patches and that they never fix
> >> something that RedHat doesn't fix upstream ... both of that ain't
> >> new. But that RedHat sits this one out has me somewhat puzzled. Like
> >> said: The issue is trivial to patch and that extra bit of Q&A should
> >> be easy to shake loose for a giant like RedHat. But they leave the
> >> field to Debian, Fedora Core and other distributions, who already
> >> jumped on it and pushed out fixed kernels as fast as one ought to
> >> expect.
> >>
> >> --
> >> With best regards,
> >>
> >> Michael Stauber
> >>
> >
> > Hey they must have heard us griping! :P  In case someone missed
> > it, CentOS released new kernels fixing the SOCKOPS_WRAP/sendpage
> > bug and also another bug I hadn't even read about. We were pleasantly
> > surprised because we were just about to try and roll our own kernel
> > with the patch in ourselves which could have had interesting results.
> > CentOS really got the kernel out fast considering Redhat just posted
> > it today.
> >
> > They said it might take a little while for it to hit all the mirrors...
> >
> > kernel-2.6.9-89.0.9.EL
> > http://lists.centos.org/pipermail/centos-announce/2009-August/016108.html
> >
> >
> >
> > Tom