[Users] Re: New kernel vuln...
Benny Amorsen
benny+usenet at amorsen.dk
Mon Aug 17 15:55:27 EDT 2009
Michael Stauber <mstauber-4DZexNfRJKk1GQ1Ptb7lUw at public.gmane.org>
writes:
> The exploit allows an unprivileged user to gain root access. However: The
> exploit (as is) *only* works on the master node. NOT inside a VE.
That is a very weak assurance. The failure of a specific implementation
of an attack means very little.
> Somehow the virtualization already takes care of it and prevents it
> when someone runs it inside a VE.
Well, it likely just sets things up in a way that prevents this specific
exploit implementation from working. That's what I'll believe until I
get soemthing more specific than "somehow".
> Yeah, if you're running an unvirtualized Linux you should be worried.
> If you're running CentOS, then especially so. It just took them 9 days
> to release a GLIBC update and the other "important" kernel and bind
> updates before that were also so late that it was nothing to write
> home about. I wonder how long it'll take them this time to rebuild the
> RedHat kernel SRPM and release it <sigh>. It's no longer funny what
> they do.
Indeed. We attempted to move from Fedora to CentOS for a few servers.
Lack of security updates got that attempt cancelled.
/Benny
More information about the Users
mailing list