If this is your first visit, be sure to
check out the FAQ. You will have to register
before you can post. To start viewing messages,
select the forum that you want to visit from the selection below.
If you have copied text output that contains formatting (colors, highlighting, etc.), please do not enclose it in QUOTE or CODE tags. Just right-click your mouse and choose "Paste Without Formatting" or similar (Paste as plain text).
64 bit Kubuntu 9.10
2.6.31-14-generic #48-Ubuntu SMP
/proc/sys/vm/mmap_min_addr is 0
"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.
You mean to say that this vulnerability only works if you don't have a firewall? Sheesh! If that's the case then the reports I've seen in the press are written by incompetents.
Haven't really digged into this, but AFAIK a null-point dereference kernel vulnerability can only be used to elevate privileges (user>root), so to exploit it one needs shell access to the system (ability to log into the system as a user)...so firewall is usually not essential in preventing these kinds of exploits.
If a bad guy is going to hack into your Kubuntu box it will, more than likely, be as the user, since remote access to root is not allowed and root has no password. After gaining access to the user account this exploit can be used to elevate priviledges. A good firewall will prevent a bad guy from hacking in.
Well, no remote logins are allowed in kubuntu by default (even as a user), you need to install a server for that (like ssh). And a properly configured ssh server won't allow bad guys in even without a firewall, which has to have some holes anyway to allow intended usage. (In most cases allowing password logins in ssh is poor security, using host key authentication is much better). And I think I read somewhere that this particular vulnerability needs local access (not remote). So I still think firewall is not the deciding factor here . Nothing against firewalls in general, of course.
Originally posted by GreyGeek
64 bit Kubuntu 9.10
2.6.31-14-generic #48-Ubuntu SMP
/proc/sys/vm/mmap_min_addr is 0
I got the impression that installing some VM software like qemu (or wine) may set the value to 0.
......
I got the impression that installing some VM software like qemu (or wine) may set the value to 0.
Could be. I did install CrossOver on this box in order to run a Window app that I used to write a fly-by-wire control system for a new kind of ag tractor.
"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.
GreyGeek:
Regardless, I suspect this hole will be patched before bad guys can exploit it to any useful extent. After all, it took them EIGHT MONTHS to capture only 700 poorly administered Linux boxes. That's a lot of work for such a small reward. 700 Linux zombies, as good as Linux is, cannot match the output of 1,300,000 Windows zombies.
OT, but I couldn't leave it alone I believe those compromised Linux boxes were set up such that they rely on MS-Win machines for security. It would indeed take eight months to find a few of those!
......
I got the impression that installing some VM software like qemu (or wine) may set the value to 0.
Could be. I did install CrossOver on this box in order to run a Window app that I used to write a fly-by-wire control system for a new kind of ag tractor.
Must be. I have WINE installed and VirtualBOX and "cat /proc/sys/vm/mmap_min_addr" reported "0"
Comment