x86_64 Kernel Exploit

Serious Kernel Exploit - Affects x86_64 (including default rhel5)

[merged] Serious Kernel Exploit - Affects x86_64 (including default rhel5) - Web Hosting Talk

Can we have words from cPanel team about this?

 

Ahum,

Not even Centos have released anything yet.

I'm 64bit based and have already applied the patch. This is a tempory must as the "script kiddies" are running wild on this.

 

FrontPage

Like it or not, we still have a LOT of people that use FrontPage extensions to publish.

I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.

- Scott

 

Tracking this issue: CentOS

We are tracking this issue within CentOS at : 0004518: CVE-2010-3081 - CentOS Bug Tracker

Also, its important that people realise the code does not need to be built locally, it can be injected and deployed over a remote hole in an existing application installed on your machine ( like WHM itself or anything contained within WHM or apps the users deploy ).

--
Karanbir Singh <http://www.karan.org/>

 

Hey people,

If you subscribe to ksplice, they already have a fix available for a reboot-less upgrade. Otherwise, there are patches available, if disabling 32-bit binaries is not an option for you.

Please see:

Nasty Kernel Exploit in the Wild :: The cPanel Admin

 

Ksplice Question

Well, I attempted to install the Ksplice system but get an error with CENTOS 5.5 x86_64:

error: Failed dependencies:
rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch

I've searched and searched and can't find these anywhere, but I did find a lot of forum posts from others with the same problem. Does anyone have a solution for this?

 

I installed Ksplice on 6 servers and apply patch

 

Did you first checked if your system is not compromised?

 

Yes i checked. Instruction: https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml


After checed install ksplice and run:
uptrack-upgrade -y

 

Where are the patches that keep 32bit intact?

 

I also checked to make sure the server was clean and it was, but I still can't install Ksplice due to:

error: Failed dependencies:
rpmlib(FileDigests) <= 4.6.0-1 is needed by ksplice-uptrack-release-1-3.noarch
rpmlib(PayloadIsXz) <= 5.2-1 is needed by ksplice-uptrack-release-1-3.noarch

I have an email in to Ksplice but they are probably overwhelmed right now with orders and trial downloads. I just hope I can figure this out before the server is hit.

 

Thanks for sharing.

 

Have you found a solution for this?

 

Will installing and running ksplice interfere or cause issues with cPanel?

I assume not as you are sort of promoting it; just making sure.

Kind Regards,
Tony

 

What if disable upcp

Hello,

Will it be effective if we temporary disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for Centos ?

 

I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.

Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.

 

If you need to remove the path, run the following command as the root user to restore the default:

echo -1 > /proc/sys/fs/binfmt_misc/32bits

Font: https://access.redhat.com/kb/docs/DOC-40265