See http://www.heise.de/newsticker/data/ju-20.03.03-000/ or http://www.securityfocus.com/archive/1/315635 Has this been discussed here already? bye, [MH] -- Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und §823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
--- Mathias Homann
See http://www.heise.de/newsticker/data/ju-20.03.03-000/ or http://www.securityfocus.com/archive/1/315635
Has this been discussed here already?
Yes, already by several people, and I seriously do not understand the silence from SuSE (even given CeBIT as an excuse). My short investigation showed that at least SuSE 7.3 and 8.1 default kernels (2.4.10 and 2.4.19, respectively) are vulnerable to this exploit, this is freely available on the web! And I do not understand statements like:
FYI, new GRsecurity 1.9.9d solves this problem.
Sure, there's even simpler way - one may just apply Alan Cox's patch to his kernel and happily go ahead, but I guess it's rather expected that SuSE provides a patched kernel rpms combined with usual official security notice... Or am I wrong? Eduard __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
Has this been discussed here already?
Yes, already by several people, and I seriously do not understand the silence from SuSE (even given CeBIT as an excuse). My short investigation showed that at least SuSE 7.3 and 8.1 default kernels (2.4.10 and 2.4.19, respectively) are vulnerable to this exploit, this is freely available on the web!
And I do not understand statements like:
FYI, new GRsecurity 1.9.9d solves this problem.
Sure, there's even simpler way - one may just apply Alan Cox's patch to his kernel and happily go ahead, but I guess it's rather expected that SuSE provides a patched kernel rpms combined with usual official security notice... Or am I wrong?
You might be, yes. The complete and correct fix is not there yet. We're
working on it, but be sure we won't publish any kernels that we would have
to correct a week or so later again.
The next announcement in the queue has a temporary workaround in section
2).
Roman.
--
- -
| Roman Drahtmüller
Hi Roman,
patch to his kernel and happily go ahead, but I guess it's rather expected that SuSE provides a patched kernel rpms combined with usual official security notice... Or am I wrong?
You might be, yes. The complete and correct fix is not there yet. We're working on it, but be sure we won't publish any kernels that we would have to correct a week or so later again. That is certainly appreciated!
The next announcement in the queue has a temporary workaround in section 2). Hope it'll include an answer to Bob Vicker's question as well:
It has been suggested that a workround is to set /proc/sys/kernel/modprobe to /any/bogus/file
Could a kind expert summarise in layman's terms what functionality you lose by doing this on a running system that has been up for a while (so most of the needed modules are already loaded)?
Thanks for the answer, Eduard __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
It has been suggested that a workround is to set /proc/sys/kernel/modprobe to /any/bogus/file Could a kind expert summarise in layman's terms what functionality you lose by doing this on a running system that has been up for a while (so most of the needed modules are already loaded)? Thanks, Bob On Thu, 20 Mar 2003, Mathias Homann wrote:
See http://www.heise.de/newsticker/data/ju-20.03.03-000/ or http://www.securityfocus.com/archive/1/315635
Has this been discussed here already?
bye, [MH]
-- Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und §823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt!
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
On Thu, Mar 20, 2003 at 02:26:56PM +0000, Bob Vickers wrote:
It has been suggested that a workround is to set /proc/sys/kernel/modprobe to /any/bogus/file
Could a kind expert summarise in layman's terms what functionality you lose by doing this on a running system that has been up for a while (so most of the needed modules are already loaded)?
Not much, but maybe some. Since all modules loaded via kernel modprobe have the autoclean flag set, they may be removed by the rmmod -a that runs periodically from cron (I am not sure, however, which SuSE releases actually do that, if any). Either way, iso9660, vfat etc may not be loaded. af_packet may not be there so tcpdump will not work. All of this is fixable by loading the appropriate modules manually - provided you know which ones you need. A lot of other stuff should continue to work - everything pcmcia based, hotplug devices like USB, sound (the sound modules may get unloaded when you log out of KDE, maybe). If the sound modules are gone, the easiest way to get them back is to run "modprobe snd-card-0", on SL 8.1 at least. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
participants (5)
-
Bob Vickers
-
Eduard Avetisyan
-
Mathias Homann
-
Olaf Kirch
-
Roman Drahtmueller