Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
Hi,
Who uses 2.0.X these days?
Just upgrade to the 2.2.13 kernel.
Moran Zavdi.
-----Original Message-----
From: Jonathan Ben-Avraham <benavrhm@tcltek.co.il>
To: James Olin Oden <joden@lee.k12.nc.us>
Cc: Omer <omere@tcmail.tau.ac.il>; Hetz Ben Hamo <hetz-home@cobol2java.com>;
Linux-IL <linux-il@cs.huji.ac.il>
Date: Sunday, 12 December 1999 21:24
Subject: Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
>
>The answer is download.xs4all.nl:/pub/mirror/redhat-updates
>
> - yba
>
>On Fri, 10 Dec 1999, James Olin Oden wrote:
>
>> >
>> > What are you talking about?
>> >
>> > RH contrib? Some other site where you can get kernels
>> > packaged as RPMs?
>> >
>> > We're talking about an enterprise environment here,
>> > OFFICIAL RH errata. Whether or not this is the right
>> > way to go, this is where people look.
>> >
>> > Why don't you head on over to
>> > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/
>> > (a respectable RH mirror site, no doubt) and check what kernel version
>> > they have in stock. The site is updated, there is nothing wrong with
>> > it. The official RH errata does indeed contain only kernel 2.0.36.
>> >
>> Actually, when it comes to older releases such as RH 5.x, then do
>> not expect even ftp.cdrom.com to be up to date. Until about two months
>> ago, one of our servers was running the RH 5.2 distribution. A little
>> before we made the conversion to RH 6.1 yet another exploit was found in
>> the wu-ftpd daemon. At the time, it was really hard to get a connection
>> to updates.redhat.com. So I went looking around for a mirror that still had
>> the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftpd
>> errata file they had, and installed it without checking its version (a
>> VERY dumb thing to do )-: ). Unfortunately, it happened to be something
>> older than the rpm I was already using. This really hosed things as you
>> might imagine. Eventually I got connected to updates.redhat.com, and
>> downloaded the correct version with the fix for the exploit.
>>
>> The moral is that mirrors often times may have a distro's early releases,
>> but they are probably only truly mirroring the current release.
>>
>> ..james
>>
>> > Hetz Ben Hamo wrote:
>> > >
>> > > Well, if YOU CHECK you will find that there are RPMs for kernel 2.0.38
>> > > for redhat 5.x - compiled and ready.
>> > >
>> > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and that's it..
>> > >
>> > > Hetz
>> > >
>> > > Omer wrote:
>> > > >
>> > > > Irrelevant.
>> > > >
>> > > > Most people will not upgrade the kernel on their own
>> > > > to the latest stable version, but rather would only
>> > > > upgrade using the official vendor errata. This is how
>> > > > it is for all of the big-time operating systems, and
>> > > > since Linux is poised to make it to the big time, you
>> > > > have to expect this practice to become a lot more common.
>> > > >
>> > > > To which: Say you're a RH user, using 5.x.
>> > > >
>> > > > You will be using RedHat's errata updated for 5.2.
>> > > >
>> > > > The latest kernel included is 2.0.36, not patched
>> > > > to fix this.
>> > > >
>> > > > Hetz Ben Hamo wrote:
>> > > > >
>> > > > > It was fixed a long time ago in kernel 2.0.38
>> > > > >
>> > > > > Hetz
>> > > > >
>> > > > > Omer wrote:
>> > > > > >
>> > > > > > This was posted to BugTraq today, and it seemed
>> > > > > > important enough to pass on (even though if you are
>> > > > > > a sysadmin and do not regularly read BT, you might
>> > > > > > deserve what you get).
>> > > > > >
>> > > > > > It's what I'd call a HUGE problem, not
>> > > > > > merely a big problem (unless of course you have
>> > > > > > no local users). In any case, I'd chmod u-s /bin/ping
>> > > > > > immediately, and be careful not to ping as root (if
>> > > > > > you're not sure you're up to it, better make it
>> > > > > > chmod 000 /bin/ping :)
>> > > > > >
>> > > > > > Message to BT follows...
>> > > > > >
>> > > > > > ----------------------------------------------------------------------------------------
>> > > > > >
>> > > > > > Eduardo Cruz wrote:
>> > > > > >
>> > > > > > Hello ppl.
>> > > > > >
>> > > > > >
>> > > > > > Last week I was playing with my old linux 2.0.36 i486 box, while I was
>> > > > > > playing with the command ping and trying combinations of commands
>> > > > > > I found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record
>> > > > > > route) the system starts to print on the screen kernel dumps,
>> > > > > > freezes completely and after few seconds the system reboots.
>> > > > > >
>> > > > > > The major problem with this (if this is a bug, because I don't have time
>> > > > > > to install different kernels and test it better) is that command can be
>> > > > > > run by everyone
>> > > > > > because you don't need root permissions to make a -R.
>> > > > > >
>> > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this
>> > > > > > on a 2.2.x the system prints out "message too long".
>> > > > > > I think the problem is that there is a size-check missed when u reach the
>> > > > > > maximum packet size and u put the route information, but anyway
>> > > > > > I am not a guru on kernels.
>> > > > > >
>> > > > > > So, now is time for the kernel experts :)
>> > > > > >
>> > > > > > ---------------------------------------------------------------------------
>> > > > > > Eduardo Cruz - eduardo.cruz.@ts-g.com
>> > > > > > Network Administrator
>> > > > > > Telecomm Solutions Group
>> > > > > > Tel: +350 74146 Fax: +350 41781
>> > > > > > ---------------------------------------------------------------
>> > > > > >
>> > > > > > --
>> > > > > > /--------------- Omer Efraim, omere@tcmail.tau.ac.il ------------------\
>> > > > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ]
>> > > > > > [ take a few minutes. If your body stops responding for a long time and ]
>> > > > > > [ there is no brain activity please die. Setup will continue after you ]
>> > > > > > [ are ]
>> > > > > > \-----------------------------------------------------------------------/
>> > > > > > - Quoting Buzh, asr
>> > > > > >
>> > > > > > =================================================================
>> > > > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
>> > > > > > the word "unsubscribe" in the message body, e.g., run the command
>> > > > > > echo unsubscribe | mail linux-il-request@linux.org.il
>
>
> EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ TclTek Ltd.
> =}-------------------------------------------------ooO--U--Ooo-----------{=
> - benavrhm@tcltek.co.il - tel: +972.52.670.353, http://www.tcltek.co.il -
>
>
>
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il
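
The version check that James's message describes skipping, as an added example that is not part of the original thread: a simplified Python rendering of rpm's segment-wise version comparison, used to flag a mirror package that is older than the installed one before running `rpm -Uvh`. The package names are constructed samples, epochs and the `~`/`^` operators are ignored, and `split_nvr` and `check_update` are hypothetical helper names.

```python
import re

_SEG = re.compile(r"(\d+|[a-zA-Z]+)")  # runs of digits or letters; the rest separates

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.
    Returns 1 if a is newer, -1 if older, 0 if equal (simplified rpm rules)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1        # a numeric segment beats an alphabetic one
        if xd:
            x, y = int(x), int(y)         # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(s):
    """Split 'name-version-release' or 'name-version-release.arch.rpm'."""
    if s.endswith(".rpm"):
        s = s[:-4].rpartition(".")[0]     # drop ".rpm", then ".arch"
    name, version, release = s.rsplit("-", 2)
    return name, version, release

def check_update(installed, candidate):
    """Classify a candidate package file against the installed package
    (the string printed by `rpm -q name`) as upgrade, same or downgrade."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(candidate)
    if n1 != n2:
        raise ValueError("package names differ: %s vs %s" % (n1, n2))
    c = rpmvercmp(v2, v1) or rpmvercmp(r2, r1)   # version first, then release
    return {1: "upgrade", 0: "same", -1: "downgrade"}[c]

if __name__ == "__main__":
    # Constructed sample values, not real errata names.
    samples = [
        ("kernel-2.0.36-3", "kernel-2.0.38-1.i386.rpm"),
        ("wu-ftpd-2.4.2-7", "wu-ftpd-2.4.2-5.i386.rpm"),  # stale mirror copy
    ]
    for installed, candidate in samples:
        print(installed, "->", candidate, ":", check_update(installed, candidate))
```
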