server uptime

[Warren Luebkeman]

Nah, we are not vulnerable to that exploit.  We do keep tabs on important security issues when they come up.  We plan to retire that server pretty soon, although I may leave it running behind the firewall, just to see how long it goes... ;-)

----- Original Message -----
From: "Bill McGonigle" <bill at bfccomputing.com>
To: "Warren Luebkeman" <warren at resara.com>, "Benjamin Scott" <dragonhawk at gmail.com>
Cc: "Greater NH Linux User Group" <gnhlug-discuss at mail.gnhlug.org>
Sent: Thursday, March 20, 2008 1:41:25 PM (GMT-0500) America/New_York
Subject: Re: server uptime

On Mar 19, 2008, at 15:36, Ben Scott wrote:

>   You're obviously not installing all your security updates, then.
> Both the 2.4 and 2.6 Debian kernels have had security advisories
> posted within the past two years.

Hey, it's possible that Warren's kernel is so old that he doesn't  
suffer from the vmslice() exploit. :)

Seriously, though - check.  If `uname -r` >= 2.6.17,  vmsplice() plus  
one (e.g.) PHP bug = remote root exploit.  That's bad, mmmkay?

Perhaps more importantly you're not picking up ext3 bugfixes, the CQF  
elevator, etc.

And somebody around here actually found an old Netware box running in  
a closet that had been drywalled over 5 years before.  It was  
apparently still serving files and print jobs (they traced the  
ethernet cable).

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf



-- 
Warren Luebkeman
Founder, COO
Resara LLC
888.357.9195
www.resara.com