openSuSE vulnerable?

I'm running openSuSE and I didn't change the setting manually, but on my machine the minimum pointer address is 65535, so it's not vulnerable.

OpenSuSE 11.1 ok

Just run a full update on my 11.1 32bit OpenSuSE with the vendor patches, and the number is 65536

Debian 5.x is 0

Debian 5.0.x has a value of 0 without wine installed. Debian 6 is 4096.

to fix Deb 5.x create a file /etc/sysctl.d/mmap_min_addr.conf with the following content


# Prevent kernel null pointer vulnerability
vm.mmap_min_addr=1024


Fedora ok

Just tried the test on Fedora 11 and 9. Both return non zero values.

No reboot?

"(...)like most Linux users, I tend to re-boot my systems once every blue moon, (...)"

Is that so? Do you leave your car with the engine idling away in the garage in the evening because you're going to need it in the morning again?

I switch my work computer off when I go home and switch my home computer off when I don't need it anymore. Why waste electricity on a system I don't need presently?

What I'd like to know: does that security risk apply only to non-privileged users with physical access to the computer or does it apply to users over the network, too, on a system which doesn't accept logins from outside anyway? Is it necessary for a user to have an account on the system in the first place in order to use this exploit? Because that would mean that most people who aren't running servers don't have a problem anyway.