Why hasn't there been a kernel update following latest disclosure?

john lists.john at gmail.com
Tue Aug 18 23:19:32 UTC 2009


Hi Robert et al.,

A follow-up:

I tracked this down at
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/413656

The answer seems to be that Ubuntu releases after 6.06 do ship with the
mmap_min_addr value set non-zero, but that may not be enough to
prevent the attack. The verdict seems to be out on that. However,
updated kernels should be forthcoming "soon".

John

On Tue, Aug 18, 2009 at 4:07 PM, john<lists.john at gmail.com> wrote:
> On Tue, Aug 18, 2009 at 11:28 AM, Robert
> Citek<rwcitek at alum.calberkeley.org> wrote:
>> From reading the description of the vulnerability:
>>
>> http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
>>
>> it seems as though there might be a simple workaround:
>>
>> "Ormandy and Tiennes say, however, that the exploit will not work on
>> current kernels with mmap_min_addr support if a number greater than
>> zero is defined by means of sysctl as the value for vm.mmap_min_addr."
>>
>> On my 8.04.3 LTS system:
>>
>> $ grep mmap_min_addr /etc/sysctl.conf
>> vm.mmap_min_addr = 65536
>>
>> $ sysctl vm.mmap_min_addr
>> vm.mmap_min_addr = 65536
>>
>> I'm not sure if changing the vm.mmap_min_addr is good enough until the
>> kernel patch makes its way down the pipe.
>>
>> Regards,
>> - Robert
>
> Interesting. Thanks Robert. I am running several servers with 8.04 on
> them and my /etc/sysctl.conf file reads the same as yours. I assume
> that 8.10 is similarly configured, but the article says 8.10 is
> vulnerable. So I am going to assume 8.04 is as well. I'll keep looking
> into it.
>
> I appreciate your response!
>
> John
>
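
The grep and sysctl check quoted above, generalized into a small audit script as an added example that is not part of the original thread: it parses a sysctl.conf-style file and compares the persisted vm.mmap_min_addr with the value the running kernel reports. The function names and the sample file are constructed for illustration, and an "ok" verdict only means the setting is non-zero and consistent, which the thread notes may not be sufficient on its own.

```shell
#!/bin/sh
# Constructed sample file contents, not taken from a real host.
sample_conf() {
cat <<'EOF'
vm.mmap_min_addr = 0
#vm.mmap_min_addr = 4096
vm/mmap_min_addr=65536
EOF
}

# Print the last value assigned to vm.mmap_min_addr in file $1
# (later assignments override earlier ones); prints nothing if absent.
conf_mmap_min_addr() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            gsub("/", ".", key)                 # sysctl also accepts vm/mmap_min_addr
            if (key == "vm.mmap_min_addr") last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Print the value the running kernel enforces (needs a Linux /proc).
runtime_mmap_min_addr() {
    cat /proc/sys/vm/mmap_min_addr 2>/dev/null
}

# Classify a configured value $1 against a runtime value $2.
# Prints one of: ok, drift, unset, runtime-zero, runtime-unknown
classify_mmap_min_addr() {
    conf=$1 run=$2
    case $run in
        '') echo runtime-unknown ;;
        0)  echo runtime-zero ;;       # no lower bound on mmap addresses is enforced
        *)  if [ -z "$conf" ]; then echo unset           # not persisted in the file
            elif [ "$conf" = "$run" ]; then echo ok
            else echo drift; fi ;;     # file and running kernel disagree
    esac
}

# Demo on the constructed sample, with 65536 standing in for the runtime value.
tmp=$(mktemp) && sample_conf > "$tmp"
echo "configured: $(conf_mmap_min_addr "$tmp")"
echo "verdict:    $(classify_mmap_min_addr "$(conf_mmap_min_addr "$tmp")" 65536)"
rm -f "$tmp"
```

On a live host, run `classify_mmap_min_addr "$(conf_mmap_min_addr /etc/sysctl.conf)" "$(runtime_mmap_min_addr)"`.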




More information about the edubuntu-devel mailing list