Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

To: john <lists.john@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
From: dann frazier <dannf@dannf.org>
Date: Wed, 4 Nov 2009 10:23:23 -0700
Message-id: <20091104172323.GA21322@lackof.org>
In-reply-to: <2be970b50911040905m299e6dceq2f7fad8809811f5e@mail.gmail.com>
References: <2be970b50911040905m299e6dceq2f7fad8809811f5e@mail.gmail.com>

On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
> Hello all,
> 
> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
> 
> It looks like we can take step in Debian 5.0 to mitigate this threat by setting
> echvm.mmap_min_addr = 4096
> 
> per http://wiki.debian.org/mmap_min_addr
> 
> I am running some servers running Debian 4.0. I doesn't look like
> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> values stored
> under Debian 4.0.

There isn't a pre-existing mmap_min_addr.conf, you need to create it.
You can view the current value in /proc:

 # cat /proc/sys/vm/mmap_min_addr

> What is the right way to proceed? Should I be looking at upgrading my servers?
> 
> Thanks!
> 
> John
> 
> 

-- 
dann frazier

Reply to:

References:
- Debian 4.0 and mmap_min_addr null pointer dereference flaw
  - From: john <lists.john@gmail.com>

Prev by Date: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
Next by Date: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
Previous by thread: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
Next by thread: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
Index(es):
- Date
- Thread