B
bdraco
Guest
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
Anybody who is running the kernels mentioned above should upgrade their kernel as soon as possible.
Anybody running Cpanel got /usr/bin/newgrp chmoded 700 to nullify the problem. However there maybe another exploit because the exploit is not with newgrp itself, it is with the kernel.
All 2.4 users should upgrade to 2.4.12
You can obtain the kernel source here:
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.12.tar.gz
If you prefer to compile it yourself the howto is here:
http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html
Or you can use one of the rpms redhat has provided
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221455&start=2001-10-15&end=2001-10-21
!!!IMPORTANT!!! if you choose to use the rpms you must actually read the install instructions or you may end up with an non-booting system.
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
----
Disclaimer: DarkORB does not provide any support for compiling/installing kernels as we do not install them in the first place; This message is just to inform you of the problem. If you do not know what you are doing seek ( please contact your software vendor that you recieved redhat or mandrake from ) help as you could end up with a non-bootable system.
Anybody who is running the kernels mentioned above should upgrade their kernel as soon as possible.
Anybody running Cpanel got /usr/bin/newgrp chmoded 700 to nullify the problem. However there maybe another exploit because the exploit is not with newgrp itself, it is with the kernel.
All 2.4 users should upgrade to 2.4.12
You can obtain the kernel source here:
http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.12.tar.gz
If you prefer to compile it yourself the howto is here:
http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html
Or you can use one of the rpms redhat has provided
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221455&start=2001-10-15&end=2001-10-21
!!!IMPORTANT!!! if you choose to use the rpms you must actually read the install instructions or you may end up with an non-booting system.
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
----
Disclaimer: DarkORB does not provide any support for compiling/installing kernels as we do not install them in the first place; This message is just to inform you of the problem. If you do not know what you are doing seek ( please contact your software vendor that you recieved redhat or mandrake from ) help as you could end up with a non-bootable system.
