Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS
Date: Wed, 22 Dec 2004 22:59:12 -0500 
On Wed, 15 Dec 2004 13:31:30 +0100, Paul Starzetz said:

I don't think this is practicable, since the bugs reside in deep kernel 
functions. You can not fix it just by disabling a particular syscall. You 
have patch a running kernel binary, maybe someone comes up with this kind 
of utlility.


Majorly scary. I've done similar patch-on-the-fly on many different systems
in the past 25 years.  You *really* want to install a proper patch and reboot.

If you can't tolerate the 10-20 minutes of downtime a scheduled reboot will
take, you can't tolerate the hours of downtime you'll get if you get hacked.
So either bite the bullet and reboot, or get redundant gear so you have good
fail-over while you reboot.

(Note that *some* bugs in the Linux kernel can at least theoretically be
fixed on the fly with an rmmod of the buggy module and an insmod of a patched
version built against the same source tree.  The bugs in question aren't in
code that's likely to be rmmod'able on a running production system....)

Attachment: pgpWUiwNaLLCy.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [VulnWatch] Oracle TNS Listener DoS (#NISR2122004F), NGSSoftware Insight Security Research
Next by Date:  [VulnWatch] Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H), NGSSoftware Insight Security Research
Previous by Thread:  Re: Linux kernel scm_send local DoS, even multiplexed
Next by Thread:  Re: Linux kernel scm_send local DoS, Pavel Kankovsky
Indexes:  [Date] [Thread] [Top] [All Lists]