Re: Kernel versions 2.2.x are also affected by new Kernel bug!
> Hi list, in addition (and contrary to what was posted on www.heise.de) kernel versions 2.2.x are also affected - I tested it on two different machines. Just to inform you...
>
> And again SuSE people (with a Hello! to Roman ;)): when will we get an update? I am not asking for 2.2.x, but for 2.4.x and 2.6.x kernels...

The bug is classified "Gravierend" ("serious") in the Heise Newsticker, which I do not fully comply with. This is a post-auth local DoS, of which there exist many these days. All of those have a simple cure: userdel -r. We heard of it shortly before the weekend, and we're working on it. There are some more bugs that are to be considered more serious, from a more objective standpoint - we will include the fixes for these with even more pressure.

> Greetz Christoph

Thanks, Roman.
>> Hi list, in addition (and contrary to what was posted on www.heise.de) kernel versions 2.2.x are also affected - I tested it on two different machines. Just to inform you...
>>
>> And again SuSE people (with a Hello! to Roman ;)): when will we get an update? I am not asking for 2.2.x, but for 2.4.x and 2.6.x kernels...
>
> The bug is classified "Gravierend" ("serious") in the Heise Newsticker, which I do not fully comply with. This is a post-auth local DoS, of which there exist many these days. All of those have a simple cure: userdel -r.
>
> We heard of it shortly before the weekend, and we're working on it. There are some more bugs that are to be considered more serious, from a more objective standpoint - we will include the fixes for these with even more pressure.

Hi all, where will the patch be provided? Will I find the patch in YaST when you are ready?

>> Greetz Christoph
>
> Thanks, Roman.
Hello, Roman Drahtmueller.

On 15.06.2004 14:20 you said the following:

> The bug is classified "Gravierend" ("serious") in the Heise Newsticker, which I do not fully comply with. This is a post-auth local DoS, of which there exist many these days. All of those have a simple cure: userdel -r.

And what about hosting providers with thousands of clients? A user can upload an exploit via FTP and execute it via httpd. Do Internet Service Providers have to userdel -r too?

--
Boris B. Zhmurov
mailto: bb@sendmail.ru
"wget http://bb.rbcmail.ru/bb_public_key.pgp -O - | gpg --import"
On Tuesday 15 June 2004 06:45, Boris B. Zhmurov wrote:

> On 15.06.2004 14:20 you said the following:
>
>> The bug is classified "Gravierend" ("serious") in the Heise Newsticker, which I do not fully comply with. This is a post-auth local DoS, of which there exist many these days. All of those have a simple cure: userdel -r.
>
> And what about hosting providers with thousands of clients? A user can upload an exploit via FTP and execute it via httpd. Do Internet Service Providers have to userdel -r too?

Not just "yes", but "hell, yes". For one, if you have a user/customer that would do that to your system, you don't need them, no matter how much they pay. Also, most hosting TOS/AUPs prohibit that kind of behavior. If I had a customer who did that to my system, his account would be cancelled and his name given to the other ISPs and hosting providers in town before that machine was finished rebooting.

--
Homepage http://scott.exti.net
XFce desktop environment http://www.xfce.org
Goodies for the XFce desktop http://xfce-goodies.berlios.de
GPG public key ID: 811B00AB
Hi Scott,

Scott Jones wrote:

>>> The bug is classified "Gravierend" ("serious") in the Heise Newsticker, which I do not fully comply with. This is a post-auth local DoS, of which there exist many these days. All of those have a simple cure: userdel -r.
>>
>> And what about hosting providers with thousands of clients? A user can upload an exploit via FTP and execute it via httpd. Do Internet Service Providers have to userdel -r too?
>
> Not just "yes", but "hell, yes". For one, if you have a user/customer that would do that to your system, you don't need them, no matter how much they pay. Also, most hosting TOS/AUPs prohibit that kind of behavior. If I had a customer who did that to my system, his account would be cancelled and his name given to the other ISPs and hosting providers in town before that machine was finished rebooting.

I wonder how you'd find that out before that machine has rebooted? The problem is not that this user might do it again (userdel -r will prevent him from doing that), but if he does it once, that'll do enough harm. And it won't be so easy to find out who did it. I agree with Boris - I'd feel better with a patch.

Greetings, Ralf
Ralf Ronneburger wrote:

>>> And what about hosting providers with thousands of clients? A user can upload an exploit via FTP and execute it via httpd. Do Internet Service Providers have to userdel -r too?
>>
>> Not just "yes", but "hell, yes". For one, if you have a user/customer that would do that to your system, you don't need them, no matter how much they pay. Also, most hosting TOS/AUPs prohibit that kind of behavior. If I had a customer who did that to my system, his account would be cancelled and his name given to the other ISPs and hosting providers in town before that machine was finished rebooting.
>
> I wonder how you'd find that out before that machine has rebooted? The problem is not that this user might do it again (userdel -r will prevent him from doing that), but if he does it once, that'll do enough harm. And it won't be so easy to find out who did it. I agree with Boris - I'd feel better with a patch.

Well, okay, but there is a patch. At least not from SuSE, but hosting providers hopefully use their own kernel anyway because of the many useless things a normal SuSE kernel supports (even if just as a module). Nothing against SuSE kernels, but on such boxes as hosting providers tend to run, I would highly recommend a self-baked kernel. If it's that critical, it's better to be your own boss instead of waiting for others.

Regards, Sven
Participants (6):
- Boris B. Zhmurov
- christian.gans@itpaik.de
- Ralf Ronneburger
- Roman Drahtmueller
- Scott Jones
- Sven 'Darkman' Michels