Hi Robert et al., A follow up:
I tracked this down at https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/413656 The answer seems to be that Ubuntu's after 6.06 do ship with the mmap_min_addr value set non-zero, but that may not be enough to prevent the attack. The verdict seems to be out on that. However updated kernels should be forth-coming "soon". John On Tue, Aug 18, 2009 at 4:07 PM, john<[email protected]> wrote: > On Tue, Aug 18, 2009 at 11:28 AM, Robert > Citek<[email protected]> wrote: >> From reading the description of the vulnerability: >> >> http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004 >> >> it seems as though there might be a simple workaround: >> >> "Ormandy and Tiennes say, however, that the exploit will not work on >> current kernels with mmap_min_addr support if a number greater than >> zero is defined by means of sysctl as the value for vm.mmap_min_addr." >> >> On my 8.04.3 LTS sytem: >> >> $ grep mmap_min_addr /etc/sysctl.conf >> vm.mmap_min_addr = 65536 >> >> $ sysctl vm.mmap_min_addr >> vm.mmap_min_addr = 65536 >> >> I'm not sure if changing the vm.mmap_min_addr is good enough until the >> kernel patch makes its way down the pipe. >> >> Regards, >> - Robert > > Interesting. Thanks Robert. I am running several servers with 8.04 on > them and my /etc/sysctl.conf file reads the same as yours. I assume > that 8.10 is similarly configured, but the article says 8.10 is > vulnerable. So I am going to assume 8.04 is as well. I'll keep looking > into it. > > I appreciate your response! > > John > -- edubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
