Is kernel 2.9.34 really vulnerable?

BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
617
0
166
Is kernel 2.6.9-34 really vulnerable?

WHM tells me:
Kernels with known vulnerabilities include, but are not limited to, 2.6.9-22 and 2.6.9-34.

What about 2.6.9-34.0.2 is that one vulnerable?
I have 2.6.9-34.0.2.ELsmp

I dont see any known exploits for this kernel on http://www.milw0rm.com/
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Yes, it is vulnerable to several security issues and you should upgrade it. I'd suggest you signup to your OS vendor announcement list where they describe the vulnerabilities and bugs that are fixed in new kernel releases.
 

rikgarner

Well-Known Member
Mar 31, 2006
74
1
158
/dev/null
The fact that you are running 2.6.9-34.0.2.ELsmp gives me the feeling you are running Centos 4.3 ;)

If so, I can vouch for the upgrade to 2.6.9-42.0.2.ELsmp kernel - I have upgraded to it on several boxes (yum upgrade kernel, after removing kernel* from the /etc/yum.conf excludes, and remembering to put it back after!)

If anything, the performance of the boxes running it (all Dell PE1850's) seemed to be better :D

Rich
 

Chew

Well-Known Member
Dec 31, 2003
96
0
156
Maryland
If you have a multiprocessor kernel already installed.
Please remember to remove the kernel* from your /etc/yum.conf before performing the upgrade.

And remember that the command is "yum upgrade kernel-smp"

After the upgrade is complete verify that your /etc/grub.conf looks something like this
Code:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda5
#          initrd /initrd-version.img
#boot=/dev/sda
[B]default=0[/B]
timeout=5
#splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.9-42.0.2.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.2.ELsmp ro root=LABEL=/ console=tty0 console=ttyS1,19200n8
        initrd /initrd-2.6.9-42.0.2.ELsmp.img
And replace the kernel* in your /etc/yum.conf after you have verified the upgrade was successful.

Regards...
 

Stephanie_R

Active Member
Mar 1, 2004
36
0
156
Yep,

The 2.9.34 kernel is vulnerable to the "procrace" exploits, h00ly**** etc...
I compiled an exploit on a test server updated to 2.6.9.42.0.2 and it failed, so I think all is good with that one.
Till the next time :rolleyes:
 

BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
617
0
166
I am trying to see if
2.6.42 is vulnerable,
can you confirm you got the same:
[[email protected] tmp]$ ./h00ly**** file

preparing
trying to exploit file

failed: Permission denied

They state:
** if y0u dont have one, make big file (~100MB) in /tmp with dd
** and try to junk the cache e.g. cat /usr/lib/* >/dev/null

What do they mean by
"and try to junk the cache e.g. cat /usr/lib/* >/dev/null" ?