Thread: <2.4.23 kernel warning!
-
12-18-2003, 11:55 PM #1 Web Hosting Master
- Join Date
- Feb 2001
- Posts
- 617
<2.4.23 kernel warning!
Linux Kernel do_brk() Vulnerability
Highly recommend to upgrade to v2.4.23 (I tested exploit code on my own server)
http://www.securiteam.com/unixfocus/6R0012095O.html
Alex
-
12-19-2003, 12:08 AM #2 Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
But I don't know which kernel version is in my box!! How do I find out which version, then?
-
12-19-2003, 12:14 AM #3 Web Hosting Master
- Join Date
- Feb 2001
- Posts
- 617
run from SSH:
uname -a
Alex
-
12-19-2003, 12:58 AM #4 Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
http://www.webhostingtalk.com/showth...hreadid=212652
If they haven't upgraded yet they prolly never will
-
12-19-2003, 01:20 AM #5 Web Hosting Master
- Join Date
- May 2003
- Location
- Philadelphia
- Posts
- 970
Or they are already owned. The exploits are very readily available and I'm sure many people have script kiddie wannabes as clients.
http://www.eBoundary.com - Let us help you expand your eBoundaries!
Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
FREE Peace of mind with every account!
-
12-19-2003, 01:53 AM #6 Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
I upgraded it weeks ago. On the 1st of December or so.
••• Like us on Facebook to qualify for discounts! •••
••• http://www.sprintserve.net •••
••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••
-
12-19-2003, 03:25 AM #7 Disabled
- Join Date
- Dec 2002
- Location
- chica go go
- Posts
- 11,876
Doesn't work on redhat 9 machines, I tested it on my own machine running 2.4.20-24.9 and another machine running 2.4.20-20.9smp and each of them compiled correctly, but do not execute due to a segmentation fault.
-
12-19-2003, 03:36 AM #8 Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
That's because 2.4.20.24.9 is the patched version that Redhat released.
-
12-19-2003, 05:39 AM #9 Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
And yes it does work on an unpatched RH9 server.. Happened to have to recover one that was with that very exploit.. The c source was interesting..
-
12-19-2003, 06:12 AM #10 Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
I've read a lot of "how to" kernel update guides and really want to do it myself, but it looks dangerous and I'm.. scared
-
12-19-2003, 06:26 AM #11 Junior Guru Wannabe
- Join Date
- Aug 2003
- Location
- Mars
- Posts
- 86
blackmoont, you can always try rpm versions of the kernel. If you use redhat then you can use up2date to upgrade your kernel automatically.
./HaShoo
-
12-19-2003, 07:08 AM #12 Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
Yes, I am using redhat 9, but is there any risk if I use up2date?
-
12-19-2003, 07:17 AM #13 Web Hosting Master
- Join Date
- Feb 2003
- Location
- Detroit
- Posts
- 860
Yes, I am using redhat 9, but is there any risk if I use up2date?
If you installed default redhat, and it worked, then you're fine. If you're on a hosted platform, hopefully your hosting company isn't stupid enough to put you on hardware that requires custom builds.
-
12-19-2003, 07:44 AM #14 Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
My server is placed at an American datacenter. I am using RedHat 9 and apache compiled with phpsuexec, cpanel. That's all. Anything dangerous if I run up2date? Pls give me some comments and let me be brave enough to update the kernel myself.
-
12-19-2003, 07:45 AM #15 Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
Argg, I have about 300 hosting accounts on my 2 servers, so if I do something wrong, my neck will be cut off
-
12-19-2003, 08:06 AM #16 Web Hosting Master
- Join Date
- Feb 2003
- Location
- Detroit
- Posts
- 860
Then hire an experienced admin to do it for you. I can't help manage your server from a forum, odds are something will go wrong.
Try contacting your hosting company?
-
12-19-2003, 08:15 AM #17 Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
Thanks, I will try. Of course I can ask my hosting company support, but I want to try (but am also scared).
-
12-19-2003, 11:44 AM #18 Web Hosting Master
- Join Date
- Mar 2003
- Location
- Saint Paul, MN
- Posts
- 832
Does anyone know definitively if this exploit is x86-specific, or if it affects other platforms? 2.4.x and 2.6.x have less than wonderful stability on the Sun4m/Sparc platform... and one of my mailservers is a Sparc, still running Debian/2.2.x.
Reading some of the articles makes it sound like an x86-only problem.
redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
Because Simple Things Should Be Simple - YouCANHasDNS
-
12-19-2003, 11:47 AM #19 Web Hosting Master
- Join Date
- Nov 2002
- Posts
- 737
Great little updating link
Search through this thread and you will find some advice and how to update.
http://forums.ev1servers.net/showthr...threadid=38402
LipWeb.Net
"Less Lip More Service"
Providing Quality Hosting at Fair Prices
AIM: LipWebNet MSN: daniel[at]lipweb.net
-
12-19-2003, 02:12 PM #20 Web Hosting Master
- Join Date
- May 2003
- Location
- Philadelphia
- Posts
- 970
Originally posted by Ankheg
Does anyone know definitively if this exploit is x86-specific, or if it affects other platforms? 2.4.x and 2.6.x have less than wonderful stability on the Sun4m/Sparc platform... and one of my mailservers is a Sparc, still running Debian/2.2.x.
Reading some of the articles makes it sound like an x86-only problem.
The shell code in the exploit will be x86 specific, chances are though that the vulnerability does affect sparc but there is no shell code available for it. I'd not count on that to be your only saving grace.
What you have to remember is when an exploit is written the coder generally tries to target the largest common denominator so the code has the biggest impact.
-
12-20-2003, 09:46 AM #21 Web Hosting God
- Join Date
- Dec 2001
- Location
- Above The Clouds
- Posts
- 7,223
Can't believe that weeks later, people are still catching on. We built new kernels with grsec on the 1st or 2nd, just like sprintserve. You can't mess with those root exploits.
██ Laurence Flynn @ HostNEXUS.com
██ Managed WordPress Hosting Solutions
██ Focused on speed. Obsessed with security.
-
12-20-2003, 12:28 PM #22 Web Hosting Master
- Join Date
- May 2001
- Posts
- 1,006
Originally posted by Lippy
Great little updating link
Search through this thread and you will find some advice and how to update.
http://forums.ev1servers.net/showth...;threadid=38402
It's a good tutorial to upgrade your kernel but also be sure to check your /lib/modules/ 2.4.20-24.9 (dir) 2.4.20-6 (dir)
If it's already in there, skip:
rpm -ivh kernel-2.4.20-24.9.i686.rpm
AND go to edit your /etc/lilo.conf with pico... follow the instructions from the tutorial and you should have no problems upgrading. If you have problems after rebooting, for example Apache or bind failed, you can always work in WHM to get it updated.
Regarding up2date, if you want to update, make sure you know what you are configuring or it won't work, for example:
0. debug No
1. rhnuuid a9d4ed88-19f4-11d8-9d44-8a65e2f9d923
2. isatty Yes
3. showAvailablePacka No
4. depslist []
5. networkSetup Yes
6. retrieveOnly No
7. enableRollbacks No
8. pkgSkipList []
9. storageDir /var/spool/up2date
10. adminAddress ['root@localhost']
11. noBootLoader No
12. serverURL https://xmlrpc.rhn.redhat.com/XMLRPC
13. fileSkipList []
14. sslCACert /usr/share/rhn/RHNS-CA-CERT
15. noReplaceConfig Yes
16. noReboots None
17. useNoSSLForPackage No
18. systemIdPath /etc/sysconfig/rhn/systemid
19. enableProxyAuth No
20. retrieveSource No
21. versionOverride 34
22. headerFetchCount 10
23. networkRetries 5
24. enableProxy No
25. proxyPassword
26. noSSLServerURL http://xmlrpc.rhn.redhat.com/XMLRPC
27. keepAfterInstall No
28. proxyUser
29. removeSkipList []
30. useGPG Yes
31. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg
32. httpProxy
33. headerCacheSize 40
34. forceInstall No
35. noReboot No
Enter number of item to edit <return to exit, q to quit without saving>:
Anyways, if you want to try it, there's a good tutorial at:
http://admin0.info/articles/security/step01.html
Basically in SSH just do the following:
1) up2date --register
2) up2date --configure
3) up2date -u
Search the web for up2date tutorials and you will find some good ones to help you especially the configuring side that is confusing to most people choosing this route.
Regards
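
An added example, not part of any poster's message: a shell check that applies the two criteria named in the thread (mainline 2.4.23 as the fixed release, Red Hat's 2.4.20-24.9 as a patched vendor build) to a `uname -r` string. The function names, the result labels, and the treatment of later 2.4.20 vendor releases as patched are assumptions; kernels outside the 2.4 series are reported as out of scope because the thread does not settle them.

```shell
#!/bin/sh
# Added example: triage a `uname -r` string using the two criteria named in the thread.
# Assumptions: mainline 2.4.23 is the fixed release; Red Hat's 2.4.20-24.9 is a patched
# vendor build, and later 2.4.20 vendor releases are assumed to carry the same fix.
FIXED_MAINLINE="2.4.23"
RH_BASE="2.4.20"
RH_FIXED_REL="24.9"

# ver_lt A B: succeeds when dotted numeric version A sorts strictly before B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# classify_kernel RELEASE: prints one of
#   fixed-mainline | vendor-patched | needs-update | out-of-scope | unrecognized
classify_kernel() {
    rel=$1
    base=${rel%%-*}                       # upstream part, e.g. 2.4.20
    case $rel in
        *-*) vendor=${rel#*-} ;;          # vendor release, e.g. 20.9smp
        *)   vendor="" ;;
    esac
    vendor_num=${vendor%%[!0-9.]*}        # drop flavour suffix: 20.9smp -> 20.9
    case $base in
        ""|*[!0-9.]*) echo "unrecognized"; return 0 ;;
        2.4.*) ;;
        *) echo "out-of-scope"; return 0 ;;   # the thread does not settle 2.2.x or 2.6.x
    esac
    if ! ver_lt "$base" "$FIXED_MAINLINE"; then
        echo "fixed-mainline"; return 0
    fi
    # A version below 2.4.23 is not proof of exposure: vendors backport fixes.
    if [ "$base" = "$RH_BASE" ] && [ -n "$vendor_num" ] \
        && ! ver_lt "$vendor_num" "$RH_FIXED_REL"; then
        echo "vendor-patched"; return 0
    fi
    echo "needs-update"
}

# Constructed sample release strings (versions mentioned in the thread), then this host.
for r in 2.4.20-24.9 2.4.20-20.9smp 2.4.20-6 2.4.22 2.4.23 "$(uname -r)"; do
    printf '%-20s %s\n' "$r" "$(classify_kernel "$r")"
done
```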