** Description changed: Binary package hint: linux-image-2.6.15-54-server CVE Candidate is CVE-2009-2692 Exploit: http://seclists.org/fulldisclosure/2009/Aug/0180.html Patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98 WORK-AROUND: Ubuntu 8.04 and later have a default setting of 65536 in /proc/sys/vm/mmap_min_addr. When set, this issue is blocked. If your value is 0, please purge the "wine" and "dosemu" packages, and reset the value: sudo apt-get purge wine dosemu echo 65536 | sudo tee /proc/sys/vm/mmap_min_addr On Ubuntu 6.06 (Dapper), the following configuration will work around the issue (note this disables IPv6): sudo -s cat > /etc/modprobe.d/mitigate-2692.conf << EOM install ppp_generic /bin/true install pppoe /bin/true install pppox /bin/true install slhc /bin/true install bluetooth /bin/true install ipv6 /bin/true install irda /bin/true install ax25 /bin/true install ipx /bin/true install appletalk /bin/true EOM /etc/init.d/bluez-utils stop - rmmod pppoe pppox ppp_generic slhc ax25 x25 irda crc_ccitt ipx appletalk rfcomm l2cap bluetooth + rmmod pppoe pppox ppp_generic slhc ax25 x25 irda crc_ccitt ipx ipv6 appletalk rfcomm l2cap bluetooth
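Review bot: On the changed rmmod line, ipv6 is now unloaded along with the other modules, but rmmod refuses to remove a module that is still in use, so ipv6 (or any other module in the list) can stay loaded and nothing in the steps catches that. Suggest adding a check after the rmmod, for example `lsmod | grep -E 'ipv6|bluetooth|irda|ppp'`, and stating that a reboot is needed if anything remains, since the install lines in mitigate-2692.conf only stop later load attempts. Separately, the rmmod list removes x25, which has no matching install line in the config above it, so nothing prevents it from being loaded again; either add `install x25 /bin/true` or explain why it is left out.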
-- 
Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
https://bugs.launchpad.net/bugs/413656
