Re: [CentOS] Kernel NULL pointer vulnerability
James Matthews wrote:
> There is a very large issue with all people running VPS machines that
> are waiting for upgrades.

Looks like, at least for openvz, virtualized machines are safe

http://openvz.org/pipermail/users/2009-August/002961.html
Re: [CentOS] Kernel NULL pointer vulnerability
James Matthews wrote:
> There is a very large issue with all people running VPS machines that
> are waiting for upgrades.

Why is that, there is NO upgrade for this issue from upstream.

We can not possibly release something before it is released by Red Hat.
Re: [CentOS] Kernel NULL pointer vulnerability
> There is a very large issue with all people running VPS machines that are
> waiting for upgrades.

Why are VPS's any more affected than bare-metal machines?

It will be greatly ironic if Redhat release the fix after they release 5.4, or as part of 5.4. I will try not to say I told you so.
Re: [CentOS] Kernel NULL pointer vulnerability
There is a very large issue with all people running VPS machines that are waiting for upgrades.

On Fri, Aug 14, 2009 at 2:44 PM, Akemi Yagi wrote:
> On Fri, Aug 14, 2009 at 8:15 AM, Akemi Yagi wrote:
> > Upstream bugzilla to follow:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=516949
>
> Just a note to say that the issue is also being tracked in the CentOS
> forums:
>
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21740&forum=42
>
> So, if you have additional info, I would appreciate your posting it
> there as well.
>
> Akemi
Re: [CentOS] Kernel NULL pointer vulnerability
On Fri, Aug 14, 2009 at 8:15 AM, Akemi Yagi wrote:
> Upstream bugzilla to follow:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=516949

Just a note to say that the issue is also being tracked in the CentOS forums:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21740&forum=42

So, if you have additional info, I would appreciate your posting it there as well.

Akemi
Re: [CentOS] Kernel NULL pointer vulnerability
Upstream bugzilla to follow:

https://bugzilla.redhat.com/show_bug.cgi?id=516949

Akemi
Re: [CentOS] Kernel NULL pointer vulnerability
Hi again.

> alias net-pf-24 # PPPoE

Sorry, typo in pf-24.

grep -q '^alias net-pf-3 off' /etc/modprobe.conf || \
    echo 'alias net-pf-3 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-4 off' /etc/modprobe.conf || \
    echo 'alias net-pf-4 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-5 off' /etc/modprobe.conf || \
    echo 'alias net-pf-5 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-9 off' /etc/modprobe.conf || \
    echo 'alias net-pf-9 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-10 off' /etc/modprobe.conf || \
    echo 'alias net-pf-10 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-23 off' /etc/modprobe.conf || \
    echo 'alias net-pf-23 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-24 off' /etc/modprobe.conf || \
    echo 'alias net-pf-24 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-31 off' /etc/modprobe.conf || \
    echo 'alias net-pf-31 off' >> /etc/modprobe.conf

Best Regards
Marcus
Re: [CentOS] Kernel NULL pointer vulnerability
On Friday 14 August 2009, Kai Schaetzl wrote:
> Marcus Moeller wrote on Fri, 14 Aug 2009 14:24:39 +0200:
> > The only workaround that is known to me atm is to disable the affected
> > kernel modules (which should be handled with care as some of them may
> > provide necessary functionality in your operating environment):
>
> If vm.mmap_min_addr is > 0 you are also not affected, at least not by that
> exploit.

...Unless you have selinux enabled in any way (including permissive) since in this case selinux overrides the kernel setting and makes vm.mmap_min_addr==0.

/Peter

> http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
>
> CentOS 5 has it set to 65536 by default. CentOS 4 should be vulnerable.
>
> Kai
Re: [CentOS] Kernel NULL pointer vulnerability
Hi again,

>> The only workaround that is known to me atm is to disable the affected
>> kernel modules (which should be handled with care as some of them may
>> provide necessary functionality in your operating environment):
>
> If vm.mmap_min_addr is > 0 you are also not affected, at least not by that
> exploit.
>
> http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
>
> CentOS 5 has it set to 65536 by default. CentOS 4 should be vulnerable.

Please note that there is a problem with the SELinux policy shipped in RHEL5, which by default will let anyone mmap at NULL!

Best Regards
Marcus
Re: [CentOS] Kernel NULL pointer vulnerability
Have you tried the exploit on CentOS 5?

http://grsecurity.net/~spender/wunderbar_emporium.tgz

I only have access to a Fedora 9 machine right now and the exploit is working with all the modules from the first mail disabled in modprobe.conf

[r...@localhost ~]# uname -a
Linux localhost.localdomain 2.6.27.25-78.2.56.fc9.i686 #1 SMP Thu Jun 18 12:47:50 EDT 2009 i686 i686 i386 GNU/Linux
[r...@localhost ~]# cat /proc/sys/vm/mmap_min_addr
65536

Regards,
Radu
Re: [CentOS] Kernel NULL pointer vulnerability
Marcus Moeller wrote on Fri, 14 Aug 2009 14:24:39 +0200:
> The only workaround that is known to me atm is to disable the affected
> kernel modules (which should be handled with care as some of them may
> provide necessary functionality in your operating environment):

If vm.mmap_min_addr is > 0 you are also not affected, at least not by that exploit.

http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004

CentOS 5 has it set to 65536 by default. CentOS 4 should be vulnerable.

Kai

--
Kai Schätzl, Berlin, Germany
[CentOS] Kernel NULL pointer vulnerability
Hi all.

Julien Tinnes and Tavis Ormandy from the Google Security Team have recently found a Linux kernel vulnerability which affects all 2.4 and 2.6 kernels since 2001 on all architectures.

Please read the announcement on LWN:

http://lwn.net/Articles/347006/

for further information about the vulnerability and the exploit which has been provided by Brad Spengler (you will find updates on his twitter site).

The only workaround that is known to me atm is to disable the affected kernel modules (which should be handled with care as some of them may provide necessary functionality in your operating environment):

echo "alias net-pf-3 off # Amateur Radio AX.25
alias net-pf-4 ipx # IPX
alias net-pf-5 off # DDP / AppleTalk
alias net-pf-9 off # X.25
# alias net-pf-10 off # IPv6
alias net-pf-23 off # IrDA
alias net-pf-24 # PPPoE
alias net-pf-31 off # Bluetooth" >> /etc/modprobe.conf

Best Regards
Marcus
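
Added example, not part of any message in this thread and not the posters' code: a small shell audit for the two mitigations discussed above, the net-pf aliases from the corrected list and the vm.mmap_min_addr setting with the SELinux caveat. The function names and state labels are assumptions made for the illustration; the sample input is the alias block from the first mail.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and labels are hypothetical.
# Protocol families taken from the corrected list posted in the thread.
FAMILIES="3 4 5 9 10 23 24 31"

# Print the net-pf-N families that are not set to "off" in a modprobe.conf.
missing_aliases() {
    conf=$1
    out=""
    for n in $FAMILIES; do
        # Only an active line counts; commented-out or incomplete aliases do not.
        if ! grep -Eq "^[[:space:]]*alias[[:space:]]+net-pf-$n[[:space:]]+off([[:space:]]|#|\$)" \
                "$conf" 2>/dev/null; then
            out="$out $n"
        fi
    done
    echo "${out# }"
}

# Classify the mmap_min_addr setting as the thread describes it. A status label,
# not a verdict: one poster reports the exploit working with 65536 set.
mmap_guard_state() {
    min_addr=$1   # contents of /proc/sys/vm/mmap_min_addr
    selinux=$2    # getenforce output: Enforcing, Permissive or Disabled
    case $min_addr in
        ''|*[!0-9]*) echo "unknown"; return ;;
    esac
    if [ "$min_addr" -eq 0 ]; then
        echo "no-guard"
    elif [ "$selinux" != "Disabled" ]; then
        echo "selinux-may-override"   # per the SELinux caveat raised in the thread
    else
        echo "guard-set"
    fi
}

# Constructed sample: the alias lines from the first mail, before the correction.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alias net-pf-3 off # Amateur Radio AX.25
alias net-pf-4 ipx # IPX
alias net-pf-5 off # DDP / AppleTalk
alias net-pf-9 off # X.25
# alias net-pf-10 off # IPv6
alias net-pf-23 off # IrDA
alias net-pf-24 # PPPoE
alias net-pf-31 off # Bluetooth
EOF
echo "not disabled: $(missing_aliases "$sample")"
echo "mmap_min_addr: $(mmap_guard_state 65536 Permissive)"
rm -f "$sample"
```

On a live system, call `missing_aliases /etc/modprobe.conf` and `mmap_guard_state "$(cat /proc/sys/vm/mmap_min_addr)" "$(getenforce)"`.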