Re: [bitfolk] CVE-2009-2692 - local->root Linux kernel explo…

Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] CVE-2009-2692 - local->root Linux kernel exploit

gpg: Signature made Wed Aug 19 13:21:13 2009 UTC using DSA key ID BF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>"
gpg: aka "Andrew James Smith <andy@strugglers.net>"
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>"
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>"
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>"
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>"
Hi Jocke,

On Wed, Aug 19, 2009 at 01:39:45PM +0100, Jocke Selin wrote:
> So, a shutdown -h in terminal and then a power-up in Xen console. Check!


Yep. You may want to log in to the xen shell console first so that
a) you know you can get in before you shut anything down, and b) you
can watch it shut down.

>>> Get:13 http://apt-cacher.lon.bitfolk.com hardy-updates/universe linux-image-2.6.24-24-xen 2.6.24-24.59 [18.8MB]
>>> 45% [13 linux-image-2.6.24-24-xen 8967518/18.8MB 47%]
>>> ----
>>>
>>> Both of them are stuck around 45% download...
>>
>> The apt-cacher will proxy a connection to the real Ubuntu mirrors if
>> it doesn't have the file locally, so it could be that the mirrors
>> are overloaded.
>
> Righto - I didn't realise that it fetches the files "real time" for the
> first time. Quite natural now when mentioned.
>
>> Is it still happening?
>
> As of a few seconds ago, yes. Still happening.


Okay. Can you try first an "apt-get update" and try it again?

I think it *is* some problem with apt-cache because it seems to have
first downloaded that package at 0741Z today. I've nuked its cache
now; it should proxy it again when someone asks for it.

>> mirror hostname)?
>
> Such as to http://gb.archive.ubuntu.com/ instead of
> http://apt-cacher.lon.bitfolk.com ?
> I can yes. I am, however, a bit reluctant to mess with live servers. If
> it's what it takes to get things going, then naturally I'm up for it.


In general the apt-cache URLs look like:

http://apt-cacher.lon.bitfolk.com/ubuntu/gb.archive.ubuntu.com/ubuntu/

The part after the first "ubuntu/" is the source mirror and path
that apt-cache will use if it doesn't have the file. Allowed hosts
for the Ubuntu apt-cacher are:

archive.ubuntu.com/ubuntu/
gb.archive.ubuntu.com/ubuntu/
security.ubuntu.com/ubuntu/
www.mirrorservice.org/sites/archive.ubuntu.com/ubuntu/
ubuntu-archive.datahop.it/ubuntu/

so you control which of the above mirrors you use.

But in this case I don't think it will help as the update will be
coming from security.ubuntu.com and also because I think it is a
problem with the apt-cacher.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
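
The cacher URL scheme and allowed-mirror list described in the message above, as an added example that is not part of the original post: it maps direct mirror URLs in a sources.list to their apt-cacher form and back, refusing any mirror that is not on the list. The function names, the sample sources.list and the use of http for the upstream URL are assumptions.

```python
# Added example: helper names are hypothetical; mirrors are the allowed list above.
CACHER = "http://apt-cacher.lon.bitfolk.com/ubuntu/"
ALLOWED = (
    "archive.ubuntu.com/ubuntu/",
    "gb.archive.ubuntu.com/ubuntu/",
    "security.ubuntu.com/ubuntu/",
    "www.mirrorservice.org/sites/archive.ubuntu.com/ubuntu/",
    "ubuntu-archive.datahop.it/ubuntu/",
)

def _match(hostpath):
    """Return the allowed prefix that hostpath starts with, or None."""
    hostpath = hostpath if hostpath.endswith("/") else hostpath + "/"
    return next((p for p in ALLOWED if hostpath.startswith(p)), None)

def to_cacher(url):
    """Map a direct mirror URL to its apt-cacher form; ValueError if not allowed."""
    hostpath = url.split("://", 1)[-1]
    if _match(hostpath) is None:
        raise ValueError("mirror not in the allowed list: " + url)
    return CACHER + hostpath

def from_cacher(url):
    """Recover the upstream mirror URL that a cacher URL is proxied to."""
    hostpath = url[len(CACHER):] if url.startswith(CACHER) else ""
    if _match(hostpath) is None:
        raise ValueError("not a cacher URL for an allowed mirror: " + url)
    return "http://" + hostpath  # assumption: upstream is fetched over http

def rewrite_sources(text):
    """Point deb/deb-src lines at the cacher; leave all other lines untouched."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("deb", "deb-src"):
            try:
                fields[1] = to_cacher(fields[1])
                line = " ".join(fields)
            except ValueError:
                pass  # unlisted mirror or already a cacher URL: keep as written
        out.append(line)
    return "\n".join(out)

SAMPLE = (  # constructed sample sources.list
    "deb http://gb.archive.ubuntu.com/ubuntu/ hardy-updates universe\n"
    "deb http://security.ubuntu.com/ubuntu hardy-security main\n"
    "deb http://ppa.example.invalid/ubuntu hardy main\n"
)
```

Run rewrite_sources() on a copy of sources.list and diff the result before replacing the live file, then run "apt-get update".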