[axxs-sysadmin] core dump vuln
Dave Fregon
dave at netaxxs.com.au
Sun Jul 16 21:23:54 PDT 2006
On Fri, 2006-07-14 at 12:17 +0200, finn wrote:
> Hi,
>
> Just wondering if any action has been taken with the PRCTL core dump
> vuln: http://www.securityfocus.com/bid/18874/info
compcoll/xchange got done via this exploit friday. it's urgent. I
haven't had a chance to follow up as yet, anywhere ..I will look into it
and see what the status is in fedora, I have quite a few machines
running it so will need to go around doing a global kernel upgrade ..
> Judging by our 146 days uptime, we haven't had a kernel update for a
> while ;-)
ya, I have it blanked in up2date conf, as per general community
recommendations (so your not upgrading kernel all the time) so needs to
be supervised asap.
update kernel
check grub for 'fallback' option enabled.
reboot and hope for the best :)
how's that for a plan of attack? :)
thanks heaps Finn for pointing this out and being on the ball. I will
look at doing this tonight.
Davo
>
> I have made a couple of changes:
>
> echo /dev/null > /proc/sys/kernel/core_pattern
> (was: core)
>
> echo 0 > /proc/sys/kernel/core_uses_pid
> (was: 1)
>
> This should force all core dumps into /dev/null, instead of the current
> directory. Otherwise a user could drop something bad into /etc/cron.* etc.
>
> Is there an updated kernel out for fedora yet?
>
> seeya's
> finn
>
>
> _______________________________________________
> axxs-sysadmin mailing list
> axxs-sysadmin at lists.indymedia.org
> http://lists.indymedia.org/mailman/listinfo/axxs-sysadmin
More information about the axxs-sysadmin
mailing list