  1. #1
    Member
    Join Date
    Sep 2004
    Posts
    26

    x86_64 Kernel Exploit

    Full Disclosure: Workaround for Ac1db1tch3z exploit.

    Does the default install depend on any 32 bit binaries?

  2. #2
    Member
    Join Date
    Jun 2007
    Posts
    17

    Serious Kernel Exploit - Affects x86_64 (including default rhel5)


  3. #3
    Member
    Join Date
    May 2010
    Posts
    321


    Ahum,

    Not even CentOS have released anything yet.

    I'm 64bit based and have already applied the patch. This is a temporary must as the "script kiddies" are running wild on this.

  4. #4
    cPanel Staff cpanelnick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,597


    *** This only affects x86_64 machines. Please ignore this message if you are running an i386/32-bit only machine ***

    *** The below is a temporary workaround for the recent local root security hole in the Linux kernel. This workaround will adversely affect some systems. A partial list of these adverse reactions is listed below. Please think carefully, and seek the advice of an expert if you are unsure if you should apply this workaround. As soon as it becomes available and deemed stable for use, you should get an updated kernel from your Linux kernel vendor. ***

    This "patch"
    Code:
    echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
    will break anything that requires 32-bit compatibility mode. cPanel does distribute true 64 bit binaries. *In theory* most things should be fine.


    So far we have found that most things work just fine (be sure to apply the attached patch before doing this to avoid problems on the next update):

    - it *may* break php when mySQL versions are updated (easyapache should fix this)
    - courier and mysql get installed from source instead of binary (patch attached -- apply in /scripts with
    Code:
    patch -p0 < courierup-mysqlup-32bitdisabled.patch.txt
    -- this will be published in the next EDGE)
    - frontpage (if you still have it) breaks.
    - third party 32bit only apache modules may break.

    There are probably some more things that have not been found yet.
    -Nick
    cPanel Inc.
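
A check an administrator could run before and after applying the workaround above, which also answers the opening question about 32-bit dependencies. It is an added example, not part of the thread or cPanel's code, and the function names are hypothetical. It reports whether the `32bits` binfmt_misc entry is enabled and lists the executables whose leading bytes match the rule's magic, which the kernel would hand to /bin/echo instead of running.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check32.sh /bin /usr/bin
# Script name and function names are hypothetical.

# The rule ':32bits:M:0:\x7fELF\x01::/bin/echo:' matches magic bytes at
# offset 0: 7f 45 4c 46 ("\x7fELF") followed by 01 (EI_CLASS = ELFCLASS32).
ELF32_MAGIC=7f454c4601

# is_elf32 FILE: succeed if FILE starts with the five bytes the rule matches.
is_elf32() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    head5=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    [ "$head5" = "$ELF32_MAGIC" ]
}

# list_elf32 DIR...: print owner-executable files the rule would divert.
list_elf32() {
    find "$@" -type f -perm -100 2>/dev/null | while IFS= read -r f; do
        if is_elf32 "$f"; then printf '%s\n' "$f"; fi
    done
}

# workaround_active [ENTRY]: succeed if the binfmt_misc entry exists and its
# first line reads "enabled". ENTRY defaults to the name used in the rule.
workaround_active() {
    entry=${1:-/proc/sys/fs/binfmt_misc/32bits}
    [ -r "$entry" ] && [ "$(head -n 1 "$entry")" = "enabled" ]
}

if [ "$#" -gt 0 ]; then
    if workaround_active; then
        echo "32bits rule: enabled"
    else
        echo "32bits rule: not registered or disabled"
    fi
    echo "32-bit ELF executables affected by the rule:"
    list_elf32 "$@"
fi
```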


  5. #5
    Member sneader's Avatar
    Join Date
    Aug 2003
    Location
    La Crosse, WI
    Posts
    932
    cPanel/Enkompass Access Level

    Root Administrator

    FrontPage

    Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

    I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

    - Scott

  6. #6
    Registered User This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Aug 2009
    Posts
    2

    Tracking this issue: CentOS

    We are tracking this issue within CentOS at: 0004518: CVE-2010-3081 - CentOS Bug Tracker

    Also, it's important that people realise the code does not need to be built locally, it can be injected and deployed over a remote hole in an existing application installed on your machine (like WHM itself or anything contained within WHM or apps the users deploy).

    --
    Karanbir Singh <http://www.karan.org/>

  7. #7
    cPanel Partner NOC
    Join Date
    Sep 2006
    Location
    Virginia Beach, VA
    Posts
    254
    cPanel/Enkompass Access Level

    Root Administrator


    Hey people,

    If you subscribe to ksplice, they already have a fix available for a reboot-less upgrade. Otherwise, there are patches available, if disabling 32-bit binaries is not an option for you.

    Please see:

    Nasty Kernel Exploit in the Wild :: The cPanel Admin

  8. #8
    Member
    Join Date
    Nov 2004
    Posts
    48

    Ksplice Question

    Well, I attempted to install the Ksplice system but get an error with CentOS 5.5 x86_64:

    error: Failed dependencies:
    rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
    rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch

    I've searched and searched and can't find these anywhere, but I did find a lot of forum posts from others with the same problem. Does anyone have a solution for this?

  9. #9
    Member
    Join Date
    Oct 2003
    Posts
    147


    I installed Ksplice on 6 servers and applied the patch

  10. #10
    Member
    Join Date
    Jun 2007
    Posts
    17


    Quote Originally Posted by hekri View Post
    I installed Ksplice on 6 servers and applied the patch
    Did you first check if your system is not compromised?

  11. #11
    Member
    Join Date
    Oct 2003
    Posts
    147


    Yes, I checked. Instruction: https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml

    After checking, install ksplice and run:
    uptrack-upgrade -y

  12. #12
    Member
    Join Date
    Sep 2003
    Posts
    234


    Quote Originally Posted by vanessa View Post
    Hey people,

    If you subscribe to ksplice, they already have a fix available for a reboot-less upgrade. Otherwise, there are patches available, if disabling 32-bit binaries is not an option for you.

    Please see:

    Nasty Kernel Exploit in the Wild :: The cPanel Admin
    Where are the patches that keep 32bit intact?

  13. #13
    Member
    Join Date
    Nov 2004
    Posts
    48


    I also checked to make sure the server was clean and it was, but I still can't install Ksplice due to:

    error: Failed dependencies:
    rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
    rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch

    I have an email in to Ksplice but they are probably overwhelmed right now with orders and trial downloads. I just hope I can figure this out before the server is hit.

  14. #14
    Registered User
    Join Date
    Sep 2010
    Posts
    1


    Quote Originally Posted by vanessa View Post
    Hey people,

    If you subscribe to ksplice, they already have a fix available for a reboot-less upgrade. Otherwise, there are patches available, if disabling 32-bit binaries is not an option for you.

    Please see:

    Nasty Kernel Exploit in the Wild :: The cPanel Admin
    Thanks for sharing.

  15. #15
    Member
    Join Date
    Sep 2003
    Posts
    234


    Quote Originally Posted by sneader View Post
    Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

    I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

    - Scott
    Have you found a solution for this?
