Results 1 to 22 of 22
  1. #1

    * <2.4.23 kernel warning!

    Linux Kernel do_brk() Vulnerablility

    Highly recommend to upgrade to v2.4.23 (I tested exploit code on my own server )

    http://www.securiteam.com/unixfocus/6R0012095O.html
    Alex

  2. #2
    But i dont know which version kernel in my box !! how to know which version then ?

  3. #3
    run from SSH:

    uname -a
    Alex

  4. #4
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,977
    http://www.webhostingtalk.com/showth...hreadid=212652


    If they haven't upgraded yet they prolly never will

  5. #5
    Join Date
    May 2003
    Location
    Philadelphia
    Posts
    970
    Or they are already owned The exploits are very readily available and I'm sure many people have script kiddie wannabe's as clients
    http://www.eBoundary.com - Let us help you expand your eBoundaries!
    Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
    FREE Peace of mind with every account!

  6. #6
    I upgraded it weeks ago. On the 1st of December of so.
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  7. #7
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,876
    doesn't work on redhat 9 machines, i tested it on my own machine running 2.4.20-24.9 and another machine running 2.4.20-20.9smp and each of them compiled correctly, but do not execute due to a segmentation fault .

  8. #8
    That's because 2.4.20.24.9 is the patched version that Redhat released.
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  9. #9
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,977
    And yes it does work on an unpatched RH9 server.. Happened to have to recover one that was with that very exploit.. The c source was interesting..

  10. #10
    I'v read a lot of "how to" kernel update and really want to do it myself but it look danrgous and i ..scare

  11. #11
    Join Date
    Aug 2003
    Location
    Mars
    Posts
    86
    blackmoont, You can always try rpm version's of kernel. If you use redhat then you can use up2date to upgrade your kernel automatically..
    ./HaShoo

  12. #12
    Yes , i am using redhat 9 but are there anything risk if i use up2date ?

  13. #13
    Join Date
    Feb 2003
    Location
    Detroit
    Posts
    860
    Yes , i am using redhat 9 but are there anything risk if i use up2date ?
    Only if you compiled any modules against the kernel. It's more common in a desktop situation than a production server, but if you have any customizations to the kernel then you may have issues.

    If you installed default redhat, and it worked, then your fine. If your on a hosted platform, hopefully your hosting company isn't stupid enough to put you on hardware that requires custom builds.

  14. #14
    My server place at American Datacenter . I am using RedHat 9 and apache compliled with phpsuexec , cpanel . That's all . Anything dangrous if i run up2date ? Pls give me some comment and let me have enough brave to update kernel myself . .

  15. #15
    argg, i have about 300 hosting account in my 2 server , so if i do something wrong , my neck will be cut off

  16. #16
    Join Date
    Feb 2003
    Location
    Detroit
    Posts
    860
    Then hire a experienced admin to do it for you. I can't help manage your server from a forum, odds are something will go wrong.

    Try contacting your hosting company ?

  17. #17
    Thanks , i will try , ofcourse i can ask my hostting company support , but i want to try ( but also scare ) .

  18. #18
    Join Date
    Mar 2003
    Location
    Saint Paul, MN
    Posts
    832
    Does anyone know definitavely if this exploit is x86-specific, or if it affects other platforms? 2.4.x and 2.6.x have less than wonderful stability on the Sun4m/Sparc platform... and one of my mailservers is a Sparc, still running Debian/2.2.x.

    Reading some of the articles makes is sound like an x86-only problem.
    redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
    Because Simple Things Should Be Simple - YouCANHasDNS

  19. #19
    Great little updating link

    Search through this thread and you will find some advice and how to update.

    http://forums.ev1servers.net/showthr...threadid=38402
    LipWeb.Net
    "Less Lip More Service"
    Providing Quality Hosting at Fair Prices
    AIM: LipWebNet MSN: daniel[at]lipweb.net [color=red]

  20. #20
    Join Date
    May 2003
    Location
    Philadelphia
    Posts
    970
    Originally posted by Ankheg
    Does anyone know definitavely if this exploit is x86-specific, or if it affects other platforms? 2.4.x and 2.6.x have less than wonderful stability on the Sun4m/Sparc platform... and one of my mailservers is a Sparc, still running Debian/2.2.x.

    Reading some of the articles makes is sound like an x86-only problem.

    The shell code in the exploit will be x86 specific, chances are though that the vulnerability does effect sparc but there is no shell code available for it. I'd not count on that to be your only saving grace.

    What you have to remember is when an exploit is written the coder generally tries to target the largest common denominator so the code has the biggest impact.
    http://www.eBoundary.com - Let us help you expand your eBoundaries!
    Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
    FREE Peace of mind with every account!

  21. #21
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    7,223
    Can't believe that weeks later, people are stll catching on. We built new kernels with grsec on the 1st or 2nd, just like sprintserve. You can't mess with those root exploits.
    Laurence Flynn @ HostNEXUS.com
    Managed WordPress Hosting Solutions
    Focused on speed. Obsessed with security.

  22. #22

    Talking

    Originally posted by Lippy
    Great little updating link

    Search through this thread and you will find some advice and how to update.

    http://forums.ev1servers.net/showth...;threadid=38402
    NOTE:

    It's a good tutorial to upgrade your kernel but also be sure to check your /lib/modules/ 2.4.20-24.9 (dir) 2.4.20-6 (dir)

    If it's already in there, skip:

    rpm -ivh kernel-2.4.20-24.9.i686.rpm

    AND go to edit your /etc/lilo.conf with pico... follow the instruction from the tutorial and you should have no problems upgrading. If you have problems after rebooting for example Apache, bind failed, you can always work in WHM to get it updated.

    Regarding up2date if you want to update, make sure you know what you are configuring or it wont work for example:

    0. debug No
    1. rhnuuid a9d4ed88-19f4-11d8-9d44-8a65e2f9d923
    2. isatty Yes
    3. showAvailablePacka No
    4. depslist []
    5. networkSetup Yes
    6. retrieveOnly No
    7. enableRollbacks No
    8. pkgSkipList []
    9. storageDir /var/spool/up2date
    10. adminAddress ['root@localhost']
    11. noBootLoader No
    12. serverURL https://xmlrpc.rhn.redhat.com/XMLRPC
    13. fileSkipList []
    14. sslCACert /usr/share/rhn/RHNS-CA-CERT
    15. noReplaceConfig Yes
    16. noReboots None
    17. useNoSSLForPackage No
    18. systemIdPath /etc/sysconfig/rhn/systemid
    19. enableProxyAuth No
    20. retrieveSource No
    21. versionOverride 34
    22. headerFetchCount 10
    23. networkRetries 5
    24. enableProxy No
    25. proxyPassword
    26. noSSLServerURL http://xmlrpc.rhn.redhat.com/XMLRPC
    27. keepAfterInstall No
    28. proxyUser
    29. removeSkipList []
    30. useGPG Yes
    31. gpgKeyRing /etc/sysconfig/rhn/up2date-keyring.gpg
    32. httpProxy
    33. headerCacheSize 40
    34. forceInstall No
    35. noReboot No


    Enter number of item to edit <return to exit, q to quit without saving>:

    Anyways, if you want to try it, there's a good tutorial at:

    http://admin0.info/articles/security/step01.html

    Basically in SSH just do the following:

    1) up2date --register

    2) up2date --configure

    3) up2date -u


    Search the web for up2date tutorials and you will find some good ones to help you especially the configuring side that is confusing to most people choosing this route.


    Regards
    WHO AM I? CLICK HERE!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •