[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] nullpointer fix question

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] nullpointer fix question
From: maxigas <maxigas@xxxxxxxxxxxx>
Date: Fri, 14 Aug 2009 16:38:59 +0100 (BST)

hi!

Should this fix work against the nullpointer linux kernel vulnerability?

Should it break any services on a usual LAMP machine?

thx,

ps: sorry i lost the header for original message

maxigas

> > So, here's the contents of disabled-protocols .
> >
> > ================================================
> > # these networking protocols are not needed on this server
> >
> > install net-pf-3  /bin/true             # Amateur Radio AX.25
> > install net-pf-4  /bin/true             # Novell IPX
> > install net-pf-5  /bin/true             # AppleTalk DDP
> > install net-pf-6  /bin/true             # Amateur Radio NET/ROM
> > install net-pf-8  /bin/true             # ATM PVCs
> > install net-pf-9  /bin/true             # Reserved for X.25 project
> > install net-pf-10 /bin/true             # IP version 6
> > install net-pf-11 /bin/true             # Amateur Radio X.25 PLP
> > install net-pf-12 /bin/true             # Reserved for DECnet project
> > install net-pf-13 /bin/true             # Reserved for 802.2LLC project
> > install net-pf-18 /bin/true             # Ash
> > install net-pf-19 /bin/true             # Acorn Econet
> > install net-pf-20 /bin/true             # ATM SVCs
> > install net-pf-22 /bin/true             # Linux SNA Project (nutters!)
> > install net-pf-23 /bin/true             # IRDA sockets
> > install net-pf-24 /bin/true             # PPPoX sockets
> > install net-pf-25 /bin/true             # Wanpipe API Sockets
> > install net-pf-26 /bin/true             # Linux LLC
> > install net-pf-30 /bin/true             # TIPC sockets
> > install net-pf-31 /bin/true             # Bluetooth sockets
> > ________________________________________

> > On the servers where I really care about security, I disable most
> > networking protocols by installing the attached file as:
> >
> >   /etc/modprobe.d/disabled-protocols
> >
> > [Note that this file disables IPv6.]
> >
> > It's safest to reboot after installing this file, in case any of
> > the networking-protocol modules have already been inserted into
> > the kernel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] nullpointer fix question
  - From: Tavis Ormandy

Prev by Date: Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
Next by Date: Re: [Full-disclosure] nullpointer fix question
Previous by thread: Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
Next by thread: Re: [Full-disclosure] nullpointer fix question
Index(es):
- Date
- Thread