[K12OSN] Major Kernel Vulnerability in FC6
Nils Breunese
nils at breun.nl
Tue Feb 12 20:41:09 UTC 2008
k12ltsp wrote:
> It's being reported over the news and online that a major kernel
> vulnerability exists in many versions of Linux, including FC6, that
> allows any user to gain root access from their command line.
>
> We have already had a student learn of this exploit and take down our
> network. Unfortunately Red Hat stopped updating FC6 as of December 7
> and have no plans to update it anymore. Fixes for the vulnerability are
> now available for FC7 and FC8.
>
> Does anyone know what the status is with K12LTSP moving to FC7 or
> higher?
LTSP is on track to be incorporated into Fedora 9: http://fedoraproject.org/wiki/Features/K12Linux
I'm not sure if a K12LTSP release based on Fedora 7 or 8 will ever
see the light.
> Does anyone know of an RPM Kernel upgrade that is available for FC6
> that we can install to correct the issue?
If there is a patch, someone should be able to build a patched FC6
kernel, I guess. We have a K12LTSP 5EL server, so we have a supported
setup.
> This exposes a major vulnerability that any student can take
> advantage of and gain root access.
A guy called Morten Hustveit created a modified version of the exploit
that patches the vulnerability: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953#14
Could be a nice temporary fix.
Nils Breunese.