Results 1 to 5 of 5

Thread: How do I find out if I have this vulnerability?

  1. #1

    Default How do I find out if I have this vulnerability?

    Is this in openSUSE's default config? How would I check?
    https://threatpost.com/en_us/blogs/l...-rights-102110

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,825
    Blog Entries
    15

    Default Re: How do I find out if I have this vulnerability?

    Quote Originally Posted by 6tr6tr
    Is this in openSUSE's default config? How would I check?
    http://tinyurl.com/2fwssb5
    Hi
    Give me local access Are you running a cluster?

    Temp fix;

    echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds

    See here;
    http://www.vsecurity.com/resources/advisory/20101019-1/


    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.23-0.3-default
    up 10:40, 5 users, load average: 0.30, 0.17, 0.06
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.12


  3. #3
    Join Date
    Jan 2009
    Location
    Taft, Republic of California. UTC -8
    Posts
    1,474

    Default Re: How do I find out if I have this vulnerability?

    I suspect we are going to have a new kernel pretty soon.
    Tumbleweed

  4. #4
    Join Date
    Jul 2010
    Location
    Fuerth, Germany
    Posts
    71

    Default Re: How do I find out if I have this vulnerability?

    A kernel update for this issue is in preparation. However a security vulnerability always gets a unique CVE ID. There is also a link in the above mentioned URL:
    VSR Security Advisories

    These are always used as a reference by Linux distributions as well.

    You can always check your currently installed kernel's changelog it should mention the CVE as well. For example if you use the kernel-desktop:
    rpm -q --changelog kernel-default | less

  5. #5
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: How do I find out if I have this vulnerability?

    6tr6tr wrote:
    > Is this in openSUSE's default config? How would I check?
    > http://tinyurl.com/2fwssb5


    1. how many folks do you let log into your system?

    2. how many of those people are black hat crackers you would suspect
    of wanting to crack your system by becoming root?

    if you answered none to either then the likelyhood that "a local
    attacker could issue specially crafted socket function calls to write
    arbritrary values into kernel memory" is about zero, in your case..

    that quoted line above is from the article you cited..

    --
    DenverD
    When it comes to chocolate, resistance is futile.
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •