mlc wrote:
According to a message from the Debian security list, there is some kind of giant security hole in kernels 2.4.18 ... 2.4.22 -- is it possible to make a 2.4.23 kernel available on linode?
Thx.
This exploit is scary but not the end of the world. (It affects all distributions, not just Debian.) You need a shell account to make it work. Apparently the way the attacker got onto Debian's systems is via a developer who SSH'd into a Debian box from a non-Debian machine that was already compromised by the attacker. The attacker sniffed the password, logged into the Debian machines as a regular user, and then used the exploit to elevate him/herself to root.
However, I agree with mlc; I'd like to be running on a kernel not affected by this bug ASAFP. Is switching to 2.4.23-pre8-linode11-5um recommended, or should we wait for the latest 2.4 kernel to be updated?
References:
http://lists.debian.org/debian-security ... 00212.html
http://www.wiggy.net/debian/
http://developers.slashdot.org/article. ... 01/2133249
_________________
John Schofield
Apple Certified Technical Coordinator
Office Mechanic Consulting
Mac, Unix, and PC Computer Support
www.officemechanic.com