Patch Your 64Bit Linux Boxes! [Archive] - Glock Talk

PDA

View Full Version : Patch Your 64Bit Linux Boxes!


Pierre!
09-23-2010, 10:32
This isn't the first time i have heard that the new Kernel has issues...

http://seeberconsultblog.com/linux-kernel-exploit-r00ts-64bit-systems/

Just a heads up...

HTH...

Linux3
09-23-2010, 21:58
Lets not jump overboard here.
It's an escalation of privilege exploit and it's only on 64 bit systems. If you have a 32 bit system this is not a problem. If you have updated your system in the last week this is not a problem.

What does this exploit allow?
It allows a local user on a 64 bit system to escalate to 'root' access. Not an outside user, only local users, that is someone who has a login account on THAT system. So, who has a login account on your system?

Most of the 64 bit system I manage only have 1 user so.... Shrug.
Nobody has a local account on my servers so no issue there. Remember, this is not an issue for remote logins, just local.

If you have 64 bit systems and users with accounts on them that are not trustworthy or if you have open accounts and the system is in a place where people can just walk by and login, I would check it.

IndyGunFreak
09-24-2010, 01:32
Lets not jump overboard here.
It's an escalation of privilege exploit and it's only on 64 bit systems. If you have a 32 bit system this is not a problem. If you have updated your system in the last week this is not a problem.

What does this exploit allow?
It allows a local user on a 64 bit system to escalate to 'root' access. Not an outside user, only local users, that is someone who has a login account on THAT system. So, who has a login account on your system?

Most of the 64 bit system I manage only have 1 user so.... Shrug.
Nobody has a local account on my servers so no issue there. Remember, this is not an issue for remote logins, just local.

If you have 64 bit systems and users with accounts on them that are not trustworthy or if you have open accounts and the system is in a place where people can just walk by and login, I would check it.

but. but....

http://i82.photobucket.com/albums/j263/IndyGunFreak/Giantwtf.gif

Personally, I think the article is being a bit sensational when reporting on this.

Linux3
09-24-2010, 13:45
I thin it's a MS fanboy looking for something bad to say about Linux.
I agree with IGF the article was way, way over done.

Pierre!
09-24-2010, 17:33
Hey now - I USE Linux, but I won't even lie and say I KNOW HOW TO RUN Linux... Those 2 ideas are worlds apart.

I just read the article, and they gave the impression that the exploit was being run against production boxes...

Yah, that could be some F.U.D. there...

I usually use Linux and OSX all week long for different purposes. But I know how to RUN a Windows box...

Thanks for the clarification Gents...