GaryT

Ahum,

Not even CentOS have released anything yet.

I'm 64bit based and have already applied the patch. This is a temporary must as the "script kiddies" are running wild on this.
 

cPanelNick

Administrator
Staff member
*** This only affects x86_64 machines. Please ignore this message if you are running an i386/32-bit only machine ***

*** The below is a temporary workaround for the recent local root security hole in the Linux kernel. This workaround will adversely affect some systems. A partial list of these adverse reactions is listed below. Please think carefully, and seek the advice of an expert if you are unsure if you should apply this workaround. As soon as it becomes available and deemed stable for use, you should get an updated kernel from your Linux kernel vendor. ***

This "patch"
Code:
echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
will break anything that requires 32-bit compatibility mode. cPanel does distribute true 64 bit binaries. *In theory* most things should be fine.


So far we have found that most things work just fine (be sure to apply the attached patch before doing this to avoid problems on the next update):

- it *may* break php when mySQL versions are updated (easyapache should fix this)
- courier and mysql get installed from source instead of binary (patch attached -- apply in /scripts with
Code:
patch -p0 < courierup-mysqlup-32bitdisabled.patch.txt
-- this will be published in the next EDGE)
- frontpage (if you still have it) breaks.
- third party 32bit only apache modules may break.

There are probably some more things that have not been found yet.
 


sneader

FrontPage

Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

- Scott
 

z00dax

Registered
Verified Vendor
Tracking this issue: CentOS

We are tracking this issue within CentOS at: 0004518: CVE-2010-3081 - CentOS Bug Tracker

Also, it's important that people realise the code does not need to be built locally, it can be injected and deployed over a remote hole in an existing application installed on your machine (like WHM itself or anything contained within WHM or apps the users deploy).

--
Karanbir Singh <http://www.karan.org/>
 

mtbwacko

Ksplice Question

Well, I attempted to install the Ksplice system but get an error with CENTOS 5.5 x86_64:

error: Failed dependencies:
rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch

I've searched and searched and can't find these anywhere, but I did find a lot of forum posts from others with the same problem. Does anyone have a solution for this?
 

mtbwacko

I also checked to make sure the server was clean and it was, but I still can't install Ksplice due to:

error: Failed dependencies:
rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch

I have an email in to Ksplice but they are probably overwhelmed right now with orders and trial downloads. I just hope I can figure this out before the server is hit.
 

rligg

Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

- Scott
Have you found a solution for this?
 

Valuehosted

Will installing and running ksplice interfere or cause issues with cPanel?

I assume not as you are sort of promoting it; just making sure. :)

Kind Regards,
Tony
 

onlysim

What if disable upcp

Hello,

Will it be effective if we temporarily disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for CentOS?
 

jenlepp

This "patch"
Code:
echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
will break anything that requires 32-bit compatibility mode. cPanel does distribute true 64 bit binaries. *In theory* most things should be fine.
I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.

Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.
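
Added example, not part of any post in this thread and not cPanel's code: shell functions that report whether the `32bits` binfmt_misc rule quoted above is active, list binaries whose first five bytes match its magic, and unregister the rule by writing `-1` to its entry file. The function names are hypothetical, and the entry-file layout is assumed to be the one the kernel prints for binfmt_misc entries.

```shell
#!/bin/sh
# Added example: inspect and undo the "32bits" binfmt_misc workaround.
BINFMT_DIR=/proc/sys/fs/binfmt_misc
MAGIC_HEX=7f454c4601   # \x7fELF\x01: ELF magic followed by EI_CLASS=1 (32-bit)

# is_32bit_elf FILE: true if the first five bytes match the rule's magic,
# i.e. executing FILE is diverted to /bin/echo while the rule is active.
is_32bit_elf() {
    [ -f "$1" ] || return 1
    [ "$(od -An -tx1 -N5 "$1" | tr -d ' \n')" = "$MAGIC_HEX" ]
}

# workaround_status [DIR]: prints absent, enabled, disabled or mismatch.
workaround_status() {
    entry="${1:-$BINFMT_DIR}/32bits"
    [ -r "$entry" ] || { echo absent; return 0; }
    state=$(sed -n '1p' "$entry")
    magic=$(sed -n 's/^magic //p' "$entry")
    interp=$(sed -n 's/^interpreter //p' "$entry")
    if [ "$magic" != "$MAGIC_HEX" ] || [ "$interp" != /bin/echo ]; then
        echo mismatch   # an entry named 32bits exists but is not this rule
    else
        echo "$state"
    fi
}

# workaround_remove [DIR]: unregisters the rule (needs root on a real system).
# Writing 0 instead of -1 keeps the rule registered but disabled.
workaround_remove() {
    entry="${1:-$BINFMT_DIR}/32bits"
    [ -w "$entry" ] || return 1
    echo -1 > "$entry"
}

# list_32bit_binaries DIR...: print executables the rule would block.
list_32bit_binaries() {
    for dir in "$@"; do
        for f in "$dir"/*; do
            if [ -x "$f" ] && is_32bit_elf "$f"; then echo "$f"; fi
        done
    done
}

workaround_status   # state of the rule on this machine
```

Run as root, `workaround_remove` with no argument acts on the live /proc/sys/fs/binfmt_misc; the registration lives only in kernel memory, so it is also gone after a reboot unless a startup script re-applies it.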
 

Infopro

Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

- Scott
I would think your OS vendor will be providing a path forward on this soon enough. Today, the next few days? Not sure. But I would also think you could ask your users not to use frontpage (or let them try to and then tell them when they put in a ticket it's been disabled temporarily) until that fix is available from your vendor. Just thinking out loud here I suppose...

Hello,

Will it be effective if we temporarily disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for CentOS?
That (disabling updates) will have no effect on this I don't think.

I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.

Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.
If you're having a problem with this, I'm sure cPanel wants to know about it. I suggest a ticket be put in and link them to this thread in the ticket.