[CentOS] local root exploit
Michael A. Peters
mpeters at mac.com
Fri Feb 15 18:48:04 UTC 2008
Valent Turkovic wrote:
> On Mon, Feb 11, 2008 at 11:58 AM, kfx <kadafax at gmail.com> wrote:
>> Valent Turkovic wrote:
>> > I saw that there is a local root exploit in the wild.
>> > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
>> >
>> > And I see my centos box still has: 2.6.18-53.1.4.el5
>> >
>> > yum says there are no updates... am I safe?
>> >
>> > Valent.
>> No you're not... and we are a lot in this very embarrassing situation...
>>
>> You can compile (you need kernel-pae-devel's rpm) and insmod this kernel
>> module while waiting for redhat to push out a new kernel and then that
>> centos reroll it.
>> http://home.powertech.no/oystein/ptpatch2008/
>>
>
> I still see no kernel updates for Centos and I got two Fedora 8 kernel
> updates since this exploit happened.
>
> Is my yum broken?
>
> I tried
> yum clean all
> yum update
>
> and still nothing :(
kernel-2.6.18-53.1.13.el5
is the bug fix kernel.
If you aren't seeing it - I think your yum config file is likely set up
incorrectly.
Where is it pointing for updates?
More information about the CentOS
mailing list