Glib exploit

[tomtom901]

Hi everybody,

Please update your glibc installation as soon as possible because of this exploit.

Don't know how to? Send me a PM

 

[ViAdCk]

yum update glibc

should be enough?

 

[tomtom901]

Yep, it should be enough.

 

[Arieh]

Debian hasn't updated yet http://security-tracker.debian.org/tracker/CVE-2010-3847

I've read that theres no working exploit for debian been published just yet, but I'll keep checking for updates I guess..

 

[tomtom901]

Debian can also be hacked, at least, so I've heard.

 

[snk]

For Debian this problem has been fixed in version 2.7-18lenny6 (Lenny)
and for for squeeze in version 2.11.2-6+squeeze1

I've updated all our servers.

 

[Arieh]

Ye now it is.

 

[nobaloney]

According to this bugzilla article (redhat.com), Neither Red Hat/CentOS3 nor Red Hat/CentOS4 are vulnerable to this. See the second post. Or am I reading it wrong?

Thanks.

Jeff

 

[tomtom901]

According to this bugzilla article (redhat.com), Neither Red Hat/CentOS3 nor Red Hat/CentOS4 are vulnerable to this. See the second post. Or am I reading it wrong?

Thanks.

Jeff

Hi Jeff,

I tested it on a CentOS 5 and it worked perfectly, don't know about 3 or 4.

 

[nobaloney]

What worked perfectly? Did you actually try running the exploit?

Jeff

 

[tomtom901]

What worked perfectly? Did you actually try running the exploit?

Jeff

Jeff,

The exploit itself without the patch worked, and it didn't work after patching glib.

Tom

 

[nobaloney]

On CentOS 5. Care to try it on CentOS 4 or CentOS 3? If so contact me by email.

Jeff