Navigation

User login

LUG Meetings

Meet up with Montana Linux people on IRC. We currently gather at the #ubuntu-montana room on the freenode network. Stop in and say "hello" or even ask/answer some questions. Don't have to be a Ubuntu user either. Or use the web-based chat client.

BillingsLUG
The BillingsLUG hasn't had a meeting in a while but they are hoping to start back up real soon. Really.

BozemanLUG
The BozemanLUG meets on the FIRST Thursday of the month at 7PM

MSU-Bozeman
EPS Building, Rm 259
Bozeman, MT
Used to be the LAST Thursday, but we changed it.

HelenaLUG
The HelenaLUG is currently on hiatus.

MissoulaLUG
The MissoulaLUG is currently on hiatus but a few individuals are working in the background to change that ASAP.

If you want to help get the BillingsLUG, HelenaLUG, or the MissoulaLUG started again, be sure to visit us in IRC.

Events

Upcoming events

no upcoming events available

Kernel 2.6.17 - 2.6.24 Security Flaw

Submitted by Scott Dowdle on Sat, 2008-02-09 21:21. Kernel | security

Just so you are aware... two days ago a bug was announced in Linux kernels 2.6.17 and above... that will give a local user root access. Here's info with the exploit code:

http://www.securityfocus.com/bid/27704/info

I have verified that the exploit compiles and works. I was able to get root on stock Fedora, RHEL and CentOS machines running the 2.6.18 or above kernels. Supposedly all distros running a 2.6.17 or later kernel are affected... even those running with the grsecurity patches.

I was unable to get root on an OpenVZ patched kernel but the exploit did cause a kernel panic that locked the machine I tried it on. I didn't want to crash any more machines so I didn't try any more. I've heard (but have not verified) that Linux-Vserver is affected on both the host node and inside of containers although exploits done within containers only get root of the container and are still trapped inside of it. Your milage may vary. Kernels prior to 2.6.17 are not affected. I hope vendors have fixes for this RSN... although I have heard that the current fix is not complete.

Update: The bug got fixed upstream late Sunday... and has found its way into a number of distro updates including Debian, rPath, Fedora, and PCLinuxOS. Red Hat, after the QA process, just released this morning (Tuesday). It seems that distros or kernel releases based on distro release updates will take a bit longer... CentOS and OpenVZ for example.

Update: 02/13/08 CentOS has released updated kernel packages.

» Scott Dowdle's blog | login to post comments

PCLinuxOS has fixed their kernels

Submitted by Joble on Tue, 2008-02-12 07:54.

I know I'm probably the only one in HelenaLUG using this distro, but this morning I found updates to every kernel currently supported in PCLinuxOS. Theirs is fixed.
--------------------
Have an Awesome Day!
My Linux OS of Choice
PCLinuxOS Magazine Online

» login to post comments