[mrcbrown]

Does look like some progress:

http://bugs.centos.o...iew.php?id=4518

Instructions on how to migrate to the testing kernel module - my question aside from that, is the kernel something VPS.NET needs to adjust for use in their cloud platform? (still kinda new here)

[tn1]

Hi,

Is there a patch available for Ubuntu 8.04 LTS 64-bit?

Thanks.

[mtdavidson]

tn1 said:

Hi,

Is there a patch available for Ubuntu 8.04 LTS 64-bit?

Thanks.

I haven't tried it yet but there is this workaround

echo ':32bits:M:0:x7fELFx01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register

http://isc.sans.edu/...ml?storyid=9574

[TrevC]

This can only be exploited by someone with an existing shell account, correct? Seems there's a lot of fear/hype surrounding this problem, and probably some misinformation on other forums/sites.

[anthonysomerset]

TrevC said:

This can only be exploited by someone with an existing shell account, correct? Seems there's a lot of fear/hype surrounding this problem, and probably some misinformation on other forums/sites.

they can get in anyway they can escalate code, so if they can upload compromised php or js and trigger it from a cron they can technically get the root access

that said if you are a shared host yes you should worry/be vigilant

but if you know exactly who has access to your server you are most likely not needing to panic at this stage

[anthonysomerset]

as an update

Redhat released updated kernels: http://rhn.redhat.co...-2010-0704.html

expect centos ones to be built and ready as soon as they can get them distributed to all the mirrors i get

[mrcbrown]

CentOS patch is released. As per CentOS forums:

Quote

The CentOS kernel update has been released. But it may take some time for it to appear on the mirrors.

Came right up on mine.

Update:

Grabbed the URL from the main repo:

http://mirror.centos....el5.x86_64.rpm

Just in case anyone wants to grab it manually if your YUM isn't that tasty yet. :)

This post has been edited by mrcbrown: 21 September 2010 - 06:11 PM

[Jon_]

went to update my kernel but noticed the existing kernel ends in .e15xen, will updating to the kernel from the centos repository break stuff? (I have experience with updating/configuring kernels but only on local machines & not servers/vps instances)

[mrcbrown]

Jon_ said:

went to update my kernel but noticed the existing kernel ends in .e15xen, will updating to the kernel from the centos repository break stuff? (I have experience with updating/configuring kernels but only on local machines & not servers/vps instances)

Do:

yum update

(as root) and it should update kernel-xen - mine went flawlessly after reboot.

[georgetasioulis]

I just performed a yum upgrade to the latest kernel and it didn't brake anything.

the xen at the ending is because VPS.NET HVs apparently run the Xen hypervisor http://www.xen.org/

[nka]

anthonysomerset said:

as a follow up, reading some of the stuff around the net this is a local root escalation exploit, this means a user has to have access to the machine in some way to be able to do this the ksplice stuff is just unneccesary scaremongering.

There's two exploit. One for ALL KERNEL 2.6. This one allow local root escalation. The other one does not affect RHEL5/CentOS5 (that is maybe why Red Had have been slower to get a patch).

CVE-2010-3301:
http://git.kernel.or...876c484849a74de
http://git.kernel.or...6492063030b55ac

CVE-2010-3081 (this one affects them all):
http://git.kernel.or...782d27a79a81ea6