Full Disclosure: Workaround for Ac1db1tch3z exploit.
Does the default install depend on any 32 bit binaries?
Does the default install depend on any 32 bit binaries?
echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
patch -p0 < courierup-mysqlup-32bitdisabled.patch.txt
Did you first checked if your system is not compromised?I installed Ksplice on 6 servers and apply patch![]()
Where are the patches that keep 32bit intact?Hey people,
If you subscribe to ksplice, they already have a fix available for a reboot-less upgrade. Otherwise, there are patches available, if disabling 32-bit binaries is not an option for you.
Please see:
Nasty Kernel Exploit in the Wild :: The cPanel Admin
Thanks for sharing.Hey people,
If you subscribe to ksplice, they already have a fix available for a reboot-less upgrade. Otherwise, there are patches available, if disabling 32-bit binaries is not an option for you.
Please see:
Nasty Kernel Exploit in the Wild :: The cPanel Admin
Have you found a solution for this?Like it or not, we still have a LOT of people that use FrontPage extensions to publish.
I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.
- Scott
I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.[
This "patch"will break anything that requires 32-bit compatibility mode. cPanel does distribute true 64 bit binaries. *In theory* most things should be fine.Code:echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
I would think your OS vender will be providing a path forward on this soon enough. Today, the next few days? Not sure. But I would also think you could ask your users not to use frontpage (or let them try to and then tell them when they put in a ticket it's been disabled temporarily) until that fix is available from your vendor. Just thinking out loud here I suppose...Like it or not, we still have a LOT of people that use FrontPage extensions to publish.
I'd be interested in any workarounds that would allow us to patch for this exploit and still support FrontPage extensions/publishing.
- Scott
That (disabling updates) will have no effect on this I don't think.Hello,
Will it be effective if we temporary disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for Centos ?
If you're having a problem with this, I'm sure cPanel wants to know about it. I suggest a ticket be put in and link them to this thread in the ticket.I applied this patch, and ever since then, I have had massive problems with MySQL on the servers with crashing, problems restarting, MySQL errors. You name it, I've seen it.
Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.
Thread starter | Similar threads | Forum | Replies | Date |
---|---|---|---|---|
K | Free SymLink Protection from KernelCare (Post 5,000 lol) | Security | 2 | |
M | Free SSL and KernelCare question | Security | 4 | |
T | Kernel update | Security | 4 | |
S | Very broken iptables 1.4.21 after upgrade to kernel 3.10.0-514.26.2.el7.x86_64 | Security | 6 | |
F | CentOS OpenSSL issue, I have 2 versions of openssl i686 & x86_64?? | Security | 2 |