[CentOS] Kernel NULL pointer vulnerability
Marcus Moeller
mail at marcus-moeller.deFri Aug 14 12:24:39 UTC 2009
- Previous message: [CentOS] OT: Fortunate clueless dd chum - lvm recovery
- Next message: [CentOS] Kernel NULL pointer vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all. Julien Tinnes and Tavis Ormandy from the Google Security Team have recently found a Linux kernel vulnerability which affects all 2.4 and 2.6 kernels since 2001 on all architectures. Please read the announcement on LWM: http://lwn.net/Articles/347006/ for further information about the vulnerability and the exploit which has been provided by Brad Spengler (you will find updates on his twitter site). The only workaroud that is known to me atm is to disable the affected kernel modules (which should be handled with care as some of them may provide necessary functionality in your operating environment): echo "alias net-pf-3 off # Amateur Radio AX.25 alias net-pf-4 ipx # IPX alias net-pf-5 off # DDP / AppleTalk alias net-pf-9 off # X.25 # alias net-pf-10 off # IPv6 alias net-pf-23 off # IrDA alias net-pf-24 # PPPoE alias net-pf-31 off # Bluetooth" >> /etc/modprobe.conf Best Regards Marcus
- Previous message: [CentOS] OT: Fortunate clueless dd chum - lvm recovery
- Next message: [CentOS] Kernel NULL pointer vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list