Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
> Hello all,
>
> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> It looks like we can take step in Debian 5.0 to mitigate this threat by setting
> echvm.mmap_min_addr = 4096
>
> per http://wiki.debian.org/mmap_min_addr
>
> I am running some servers running Debian 4.0. I doesn't look like
> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> values stored
> under Debian 4.0.
There isn't a pre-existing mmap_min_addr.conf, you need to create it.
You can view the current value in /proc:
# cat /proc/sys/vm/mmap_min_addr
> What is the right way to proceed? Should I be looking at upgrading my servers?
>
> Thanks!
>
> John
>
>
--
dann frazier
Reply to: