[CentOS] local root exploit
Valent Turkovic
valent.turkovic at gmail.com
Fri Feb 15 19:26:38 UTC 2008
On Fri, Feb 15, 2008 at 7:48 PM, Michael A. Peters <mpeters at mac.com> wrote:
> Valent Turkovic wrote:
> > On Mon, Feb 11, 2008 at 11:58 AM, kfx <kadafax at gmail.com> wrote:
> >> Valent Turkovic wrote:
> >> > I saw that there is a local root exploit in the wild.
> >> > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
> >> >
> >> > And I see my centos box still has: 2.6.18-53.1.4.el5
> >> >
> >> > yum says there are no updates... am I safe?
> >> >
> >> > Valent.
> >> No you're not... and we are a lot in this very embarrassing situation...
> >>
> >> You can compile (you need kernel-pae-devel's rpm) and insmod this kernel
> >> module while waiting for redhat to push out a new kernel and then that
> >> centos reroll it.
> >> http://home.powertech.no/oystein/ptpatch2008/
> >>
> >
> > I still see no kernel updates for Centos and I got two Fedora 8 kernel
> > updates since this exploit happened.
> >
> > Is my yum broken?
> >
> > I tried
> > yum clean all
> > yum update
> >
> > and still nothing :(
>
> kernel-2.6.18-53.1.13.el5
>
> is the bug fix kernel.
> If you aren't seeing it - I think your yum config file is likely set up
> incorrectly.
>
> Where is it pointing for updates?
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=1
enabled=1
--
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic
More information about the CentOS
mailing list