Page 2 of 5 FirstFirst 1234 ... LastLast
Results 16 to 30 of 66

Thread: x86_64 Kernel Exploit

  1. #16
    Registered Member Valuehosted's Avatar
    Join Date
    Dec 2002
    Location
    Sweden
    Posts
    124

    Default

    Will installing and running ksplice interfere or cause issues with cPanel?

    I assume not as you are sort of promoting it; just making sure.

    Kind Regards,
    Tony
    Joomla Views - Joomla views and news.
    WordPress Views - WordPress views and news (to be launched)

  2. #17
    Registered User
    Join Date
    Sep 2010
    Posts
    1

    Unhappy What if disable upcp

    Hello,

    Will it be effective if we temporary disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for Centos ?

  3. #18
    Registered Member jenlepp's Avatar
    Join Date
    Jul 2005
    Location
    Liberty Hill, TX
    Posts
    116
    cPanel/WHM Access Level

    DataCenter Provider

    Default

    Quote Originally Posted by cpanelnick View Post
    [
    This "patch"
    Code:
    echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
    will break anything that requires 32-bit compatibility mode. cPanel does distribute true 64 bit binaries. *In theory* most things should be fine.
    I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.

    Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.
    Jen Lepp
    Director of Customer Service
    A Small Orange Homegrown Hosting | http://www.asmallorange.com

  4. #19
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    11,237
    cPanel/WHM Access Level

    Root Administrator

    Lightbulb

    Quote Originally Posted by sneader View Post
    Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

    I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

    - Scott
    I would think your OS vender will be providing a path forward on this soon enough. Today, the next few days? Not sure. But I would also think you could ask your users not to use frontpage (or let them try to and then tell them when they put in a ticket it's been disabled temporarily) until that fix is available from your vendor. Just thinking out loud here I suppose...

    Quote Originally Posted by onlysim View Post
    Hello,

    Will it be effective if we temporary disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for Centos ?
    That (disabling updates) will have no effect on this I don't think.

    Quote Originally Posted by draknet View Post
    I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.

    Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.
    If you're having a problem with this, I'm sure cPanel wants to know about it. I suggest a ticket be put in and link them to this thread in the ticket.

  5. #20
    Registered User
    Join Date
    Sep 2009
    Posts
    1

    Default x86_64 Kernel Exploit

    If you need to remove the path, run the following command as the root user to restore the default:

    echo -1 > /proc/sys/fs/binfmt_misc/32bits

    Font: https://access.redhat.com/kb/docs/DOC-40265

  6. #21
    Registered Member jenlepp's Avatar
    Join Date
    Jul 2005
    Location
    Liberty Hill, TX
    Posts
    116
    cPanel/WHM Access Level

    DataCenter Provider

    Default

    If you're having a problem with this, I'm sure cPanel wants to know about it. I suggest a ticket be put in and link them to this thread in the ticket.
    I removed the patch - the CloudLinux server was formally patched with KSplice, and the older servers were about to be replaced anyway and there's some debate as to whether it affects my kernel on those servers because they've been around a while.

    For anyone who needs it, it's:

    If you need to remove the mitigation, run the following command as the root
    user to restore the default behavior (and remove the above changes to
    /etc/rc.local if made):

    # echo -1 > /proc/sys/fs/binfmt_misc/32bits
    from https://access.redhat.com/kb/docs/DOC-40265

    Someone else can have their clients scream at them while they jockey with the temporary patch and cPanel support. I'm going to concentrate moving those servers to new CL boxes asap.
    Jen Lepp
    Director of Customer Service
    A Small Orange Homegrown Hosting | http://www.asmallorange.com

  7. #22
    Registered Member jenlepp's Avatar
    Join Date
    Jul 2005
    Location
    Liberty Hill, TX
    Posts
    116
    cPanel/WHM Access Level

    DataCenter Provider

    Default

    Quote Originally Posted by brulinux View Post
    If you need to remove the path, run the following command as the root user to restore the default:

    echo -1 > /proc/sys/fs/binfmt_misc/32bits

    Font: https://access.redhat.com/kb/docs/DOC-40265
    Thanks - I had found it and it appears we posted simultaneously.
    Jen Lepp
    Director of Customer Service
    A Small Orange Homegrown Hosting | http://www.asmallorange.com

  8. #23
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,846

    Default

    Quote Originally Posted by Valuehosted View Post
    Will installing and running ksplice interfere or cause issues with cPanel?

    I assume not as you are sort of promoting it; just making sure.

    Kind Regards,
    Tony
    ksplice is probably the best option right now for those who need to keep 32bit binaries working.

    Side Note: The "promotion" of ksplice is not solicited. They are just might be the best option for many at the moment.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  9. #24
    Registered Member
    Join Date
    Sep 2003
    Posts
    265

    Default

    Quote Originally Posted by cpanelnick View Post
    ksplice is probably the best option right now for those who need to keep 32bit binaries working.

    Side Note: The "promotion" of ksplice is not solicited. They are just might be the best option for many at the moment.
    ???

    ksplice does not keep 32 binaries working. FrontPage and Miva Merchant fail with KSplice.

  10. #25
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,846

    Default

    Quote Originally Posted by rligg View Post
    ???

    ksplice does not keep 32 binaries working. FrontPage and Miva Merchant fail with KSplice.
    If they are not offering an updated package for your platform with 32bit compat working (I cannot confirm this either way, as I have not used it myself. ksplice will need to be contacted for more information) you may just want to wait until your linux vendor puts out an update.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  11. #26
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2006
    Posts
    9

    Default

    Quote Originally Posted by cpanelnick View Post
    If they are not offering an updated package for your platform with 32bit compat working (I cannot confirm this either way, as I have not used it myself. ksplice will need to be contacted for more information) you may just want to wait until your linux vendor puts out an update.
    KSplice has a rebootless compat patch for RHEL5/CentOS5 as of the 18th in the afternoon. They later released an OpenVZ based kernel patch that night.

  12. #27
    Registered User This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Sep 2010
    Location
    Cambridge, MA
    Posts
    2

    Default Re: Ksplice Question

    Quote Originally Posted by mtbwacko View Post
    Well, I attempted to install the Ksplice system but get an error with CENTOS 5.5 x86_64:

    error: Failed dependencies:
    rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
    rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch
    We looked into this (thanks for the email! I think we've already replied to you) and this is the error you get if you try to use the Fedora RPM on CentOS. For a CentOS system, you want this version: http://www.ksplice.com/yum/uptrack/c...ase.noarch.rpm

    As always, we're happy to help at support@ksplice.com with any questions.

    Greg Price
    Ksplice

  13. #28
    Registered User This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Sep 2010
    Location
    Cambridge, MA
    Posts
    2

    Default

    Quote Originally Posted by rligg View Post
    ???

    ksplice does not keep 32 binaries working. FrontPage and Miva Merchant fail with KSplice.
    Ksplice should not cause issues with any 32-bit binaries. In particular, this Ksplice update has been installed on many thousands of machines with no observed or reported impact to 32-bit binaries. 32-bit binaries would stop working, however, if you followed the Red Hat mitigation instructions, so I'm guessing that's what's causing the issues that you've observed; perhaps you applied the mitigation and then later installed Ksplice.

    You can disable the mitigation by running the following command as root:
    Code:
    # echo -1 >  /proc/sys/fs/binfmt_misc/32bits
    If that doesn't work and you think that this issue is related to Ksplice, please contact us at support@ksplice.com and we will help investigate and correct the issue.

    Greg Price
    Ksplice

  14. #29
    Registered Member
    Join Date
    Sep 2003
    Posts
    265

    Default

    You are indeed correct. My admin used the RH patch.

  15. #30
    Registered Member
    Join Date
    May 2010
    Posts
    321

    Default

    Sounds stupid but, The easiest option is to wait for the vendor update rather than the patch, People with WHM who used the patch have MASSIVE issues, I tested on one box and I could not get the mysql and such to stay online.

    I disabled ALOT of php functions to tighten some things up till the new kernal comes out, Centos has released a newer version but I have not tested this yet:

    http://dev.centos.org/centos/5/testi...081.x86_64.rpm

    Taken from there testing repository ( beta but no exploits found so far )

    Now to wait it out there is a risk, But you also take a risk by applying patches.

Page 2 of 5 FirstFirst 1234 ... LastLast

Similar Threads

  1. Replies: 3
    Last Post: 03-12-2014, 02:50 PM
  2. Post-kernel upgrade: ext3 not supported by kernel?
    By mitu in forum cPanel & WHM Discussions
    Replies: 0
    Last Post: 06-02-2005, 08:41 AM
  3. Info On Latest Kernel Exploit
    By CamronFry in forum cPanel & WHM Discussions
    Replies: 6
    Last Post: 01-10-2005, 03:06 PM
  4. Replies: 2
    Last Post: 09-07-2004, 03:01 AM
bargain