
Question about CVE-2010-3081



Hey guys,
I am running the 64-bit version of Squeeze. I am sure you guys have heard
about the issues surrounding CVE-2010-3081 as it has made all kinds of
news this past weekend. I have done some reading on it and while I am
not paranoid enough to yank the connection from the wall, I must admit
that with almost every one of my tech news sources freaking out about it
these past few days I am being tempted by all the fear-mongering media
outlets...

When I first saw the Debian advisory[1] I just brushed it off and
thought nothing of it. It seemed to have already been patched so I would
simply update the next time I saw that there was a kernel update.
However, the tracker[2] is still showing it to be vulnerable in Squeeze.

[1] http://www.debian.org/security/2010/dsa-2110
[2] http://security-tracker.debian.org/tracker/CVE-2010-3081

Ksplice seems to be touting a patch as well as a scanner[3], but one look
at the scanner code and I am not entirely sure I want to run it. Any
code this obfuscated gives me the creeps. I have to side with /. on this
one[4]. I checked around and was unable to find anything about
chkrootkit being able to detect this one yet.

[3] https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml
[4] http://linux.slashdot.org/comments.pl?sid=1792608&cid=33632118

I thought I would check in with the list before I go too crazy. Anyone
know when the patch is going to be pushed out to Squeeze? Anyone know
when/if there will be a vulnerability scanner for this that doesn't look
so scary? Have I missed something that makes all this pointless? :-P

Thanks!
~Stack~

