On Sat, 22 Oct 2016, Akemi Yagi wrote:

> On Sat, Oct 22, 2016 at 10:58 AM, Andrew Z <[log in to unmask]> wrote:
>> Pat and team,
>> Do we have an estimate on the world shattering vulnerability ?
>
> As you are aware, this depends on how soon upstream (Red Hat) releases
> the updated RHEL kernels. Here is one reply from a RH person:
>
> " I apologize but we can't provide a time frame around releases for
> security fixes. We are, as you mentioned, of course working diligently
> to address this issue as quickly as possible."
>
> https://access.redhat.com/security/vulnerabilities/2706661#comment-1111661
>
> Akemi

As well, the importance of this vulnerability hinges on user access; in SANS NewsBites yesterday, one of the editors made this remark about this kernel vulnerability (branded by the person(s) who raised the issue: "Dirty Cow"):

    This is a privilege escalation vulnerability that was introduced in
    Linux about 11 years ago. An exploit has been used in some attacks to
    take advantage of this vulnerability, but the exploit has not been
    made public yet. Systems based on RedHat ES 5 and 6, which are
    vulnerable, appear to be not susceptible to the exploit as this
    particular exploit requires write access to /proc/self/mem. Given
    that this exploit requires user access, and the actual exploit is
    only in limited distribution (but this may change soon), "branding"
    this exploit is hyping a minor and common vulnerability and only
    serves to distract administrators from more important tasks. Deal
    with patches for this vulnerability like you would deal with any
    other kernel patch.

https://www.sans.org/newsletters/newsbites/xviii/84

cheers, etc.

--
deatrich @ triumf.ca, Science/ATLAS
PH: +1 604-222-7665
<*> This moment's fortune cookie:
Happiness isn't something you experience; it's something you remember.
-- Oscar Levant