  1. #1
    Member This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Mar 2010
    Posts
    50

    New security exploit -- allows local user to gain root

    There is a new security exploit that allows a local user to gain root access to the server. My guess is pretty much all hosting companies doing Linux hosting are affected.
    There is no update available yet from any vendor, but as a workaround, you can do the following:

    # mount -o bind /tmp /tmp
    # mount -o remount,bind,nosuid /tmp /tmp
    # mount -o bind /home /home
    # mount -o remount,bind,nosuid /home /home

    Make sure you bind and remount as nosuid all directories (parent level only) where local users can create files. If your users' home directories are at /var/www, do that for the /var/www directory:

    # mount -o bind /var/www /var/www
    # mount -o remount,bind,nosuid /var/www /var/www

    Full Disclosure was published here yesterday:
    More info: Full Disclosure: The GNU C library dynamic linker expands $ORIGIN in setuid library search path
    CVE-2010-3847
    Igor Seletskiy
    CEO @ CloudLinux
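
Added example (not part of the original post): a shell check that the workaround above is actually in effect, reading a mount table in /proc/mounts format and listing any directory that is not covered by a nosuid mount. The function names and the sample table are constructed for illustration.

```shell
# Check the nosuid workaround against a mount table (paths must be canonical).

# Print the options of the mount covering directory $1 in table $2 (default
# /proc/mounts): longest mount-point prefix wins; on a tie the later line wins,
# since a bind mount over the same path is listed after the mount it covers.
covering_opts() {
    awk -v dir="$1" '
        {
            mp = $2; plen = length(mp)
            hit = (mp == "/" || dir == mp || substr(dir, 1, plen + 1) == (mp "/"))
            if (hit && plen >= best) { best = plen; opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Succeed only if the mount covering $1 carries the nosuid option.
is_nosuid() {
    case ",$(covering_opts "$1" "$2")," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every directory in the list that is NOT covered by a nosuid mount.
unprotected_dirs() {
    table="$1"; shift
    for d in "$@"; do
        is_nosuid "$d" "$table" || printf '%s\n' "$d"
    done
}

# Constructed sample table: /tmp and /home were remounted nosuid, /var/www was not.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda1 /tmp ext3 rw,nosuid 0 0
/dev/sda2 /home ext3 rw 0 0
/dev/sda2 /home ext3 rw,nosuid 0 0
EOF
}

t=$(mktemp) && sample_mounts > "$t"
unprotected_dirs "$t" /tmp /home/alice /var/www   # prints /var/www
rm -f "$t"
```

On a live host, pass /proc/mounts as the table and list every directory where local users can create files. Mounts made from the command line do not persist across a reboot, so the check is worth rerunning after each boot.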

  2. #2
    Member
    Join Date
    Jul 2008
    Posts
    21

    Red Hat and CentOS have an update for it already.

    https://www.ksplice.com/cve-2010-3847

  3. #3
    cPanel Partner NOC javiercampos
    Join Date
    Jan 2010
    Location
    /tmp
    Posts
    47
    cPanel/Enkompass Access Level

    Root Administrator

    =)

    Thanks iseletsk and rhm.geerts

  4. #4
