  1. #1
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687

    New kernel released

    redhat has announced a new kernel has been released, which currently removes the ssh vulnerability. Currently any kernel previous to 2.4.20-31 (redhat rpm's only) allows any user to login via ssh and su to root, thusly creating a vulnerability in the kernel itself. Beginning with 2.4.20-31, a security feature called apf has been added into the modules which disallows root logins and su, as well as sudo. It's strongly advised that all users upgrade to 2.4.20-31 as soon as possible. It's also rumored that beginning with 2.4.20-32, redhat will disallow any and all ssh access to the server through the kernel itself.

    Thanks, and have a great day.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Nice information
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Greetings:

    Thank you for the post, Wolfstream.

    Questions:

    1. If you currently do not allow customers to SSH, is there still a security vulnerability concern?

    2. If you use PAM to limit su to the wheel group, are you stating that was not working in prior kernels?

    3. If you have PermitRootLogin set to no in sshd_config, are you stating that was not working in prior kernels to the one just released?

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  4. #4
    Join Date
    Feb 2002
    Location
    Vestal, NY
    Posts
    1,378
    Thanks for the info. Something I have always wondered though.. If the vulnerability exists in Redhat RPMed kernels, wouldn't it also exist in a kernel compiled from source if it were compiled with the same config options as the Redhat kernel or does Redhat actually modify the kernel source in these RPMed kernels enough to open up vulnerabilities that don't exist in the original kernel?
    Is a Redhat kernel such as 2.4.20-31 based on the 2.4.20 source and is continually modified by Redhat or does it come from the latest stable kernel, which is currently 2.4.25?
    Just something I have always been curious about.
    H4Y Technologies LLC Check out our new website!
    "Smarter, Cheaper, Faster" - SMB, Reseller, VDS, Dedicated, Colo hosting done right.

    ZERO PACKETLOSS, ZERO DOWNTIME Dedicated and Colo - USA: IA, CA, NC, OR, NV
    **http://h4y.us**
    Voice: (866)435-5642. *** Email: askus at host4yourself d0t com

  5. #5
    Join Date
    Feb 2002
    Location
    Vestal, NY
    Posts
    1,378
    Hehe, just noticed the custom titles in this thread:

    TheLinuxGuy: Security is My Game
    dynamicnet: Security is a way of life

    Maybe I should take it a step further: "Without security, life is meaningless"

    Last edited by John[H4Y]; 04-01-2004 at 08:23 PM.

  6. #6
    Greetings:

    Without God, life has no purpose.

    But that is a subject of another thread.

    I just would like to know the answers to the questions raised ;-)

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  7. #7
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    > Is a Redhat kernel such as 2.4.20-31 based on the 2.4.20 source and is continually modified by Redhat or does it come from the latest stable kernel, which is currently 2.4.25?

    Redhat has its own package labeling system. Ever wonder why they always seem to be BEHIND on things? They modify things and release it at their leisure. Sometimes it stays with the product, sometimes it doesn't.

    Dynamic:
    You're a server admin, you should know the answers to those questions already

  8. #8
    Greetings Wolfstream:

    I don't ask technical questions when I know the answers.

    If you know the answers, can you please post them?

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  9. #9
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Man, now I have to change my title. I hate when people hijack my sayings or even part of them. And yes, it is hijacking them, because it's technically the same thing if you think about it. And I agree you should know those questions, dynamic.

  10. #10
    Greetings Steve:

    This is Peter.

    Steve, I don't believe in playing mind games with people.

    I don't ask these types of questions if I already know the answer to them.

    In any event, if someone can post the answers, I would be interested in reading them.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  11. #11
    Join Date
    Mar 2001
    Posts
    1,434
    > 1. If you currently do not allow customers to SSH, is there still a security vulnerability concern?

    I would say no, there is no concern if you remove ssh access.

    > 2. If you use PAM to limit su to the wheel group, are you stating that was not working in prior kernels?

    Not sure on this one.

    > 3. If you have PermitRootLogin set to no in sshd_config, are you stating that was not working in prior kernels to the one just released?

    Without PermitRootLogin set, no one can log in as root directly via ssh. Once logged in via ssh, they can su to root.

    From a layman's perspective, I do not see what the big deal is about users being able to ssh into a server and then su to root. They still need to know the root password. We manage our remote servers by ssh'ing in as a user and then su'ing to root, or using authorized_keys to go between servers as root.

    - John C.
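
A way to check the two settings raised in the questions above (`PermitRootLogin` in sshd_config, and PAM limiting `su` to the wheel group) on a given host. This is an added example, not part of any post in this thread; the function names `sshd_effective` and `su_requires_wheel` are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the two settings discussed above. Function names are
# hypothetical and the sample files are constructed for illustration.

# Print the effective global value of an sshd_config keyword. sshd uses the
# first occurrence of a keyword, keywords are case-insensitive, and lines after
# a "Match" line are conditional, so the scan stops there.
# $1 = config file, $2 = keyword, $3 = text to print when the keyword is unset
sshd_effective() {
    awk -F '[ \t=]+' -v key="$2" -v dflt="$3" '
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split fields
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == tolower(key) { found = 1; print tolower($2); exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Succeed only if an uncommented "auth required ... pam_wheel.so" line exists.
# A "sufficient" pam_wheel line does not restrict su, so it is not counted.
# $1 = PAM service file such as /etc/pam.d/su
su_requires_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^#]*pam_wheel\.so' "$1"
}

# Constructed sample files (not taken from any real server).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/sshd_config" <<'EOF'
# constructed sample
Protocol 2
#PermitRootLogin yes
  permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
cat > "$SAMPLES/su" <<'EOF'
# constructed sample
auth       sufficient   pam_rootok.so
#auth      required     pam_wheel.so use_uid
auth       include      system-auth
EOF

echo "PermitRootLogin: $(sshd_effective "$SAMPLES/sshd_config" PermitRootLogin unset)"
if su_requires_wheel "$SAMPLES/su"; then
    echo "su: restricted to wheel"
else
    echo "su: open to any user who knows the root password"
fi
```

In the constructed sample the commented-out `pam_wheel.so` line does not count, so `su` is reported as unrestricted, and the later `PermitRootLogin yes` is ignored because the first occurrence wins.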

  12. #12
    Greetings John:

    Thank you very much for sharing your insights.

  13. #13
    Does anyone have a link to the official redhat announcement of this new kernel?

  14. #14
    Join Date
    May 2002
    Location
    Sweden
    Posts
    526
    Talk about a nerdy april fools joke :-)
    I like to help

  15. #15
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    > Originally posted by Maximiliam
    > Talk about a nerdy april fools joke :-)

    Yeah, but look at the people it suckered

  16. #16
    Join Date
    May 2002
    Location
    Sweden
    Posts
    526
    hehe...

  17. #17
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Sorry guys, I just couldn't resist, really!!

  18. #18
    Greetings:

    Some people have too much time on their hands <sigh and smile>.

    Did anyone hear of the little boy who blew his horn and the results?

    Thank you.

  19. #19
    Join Date
    Mar 2001
    Posts
    1,434
    Figured I'd answer Dynamicnet and be nice. The post didn't make any sense to me, but sometimes weird things come from wolf, so ya never know.

    - John C.

  20. #20
    Well that fooled me
    http://www.baddabinghosting.com
    [email protected]
    MSN - [email protected]
    AIM - Badda Bing 0003

  21. #21
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    DN:
    Of course I did, however a little thought would have revealed it as a very well thought out prank. Of course, being able to create a redhat release would have been better, but hey

    Do you REALLY think that redhat would actually deny ssh to their servers? It'd be kind of ridiculous on their part. As well, think about it. ssh vulnerabilities? Not that they don't exist, but errm, wouldn't you be upgrading openssh, INSTEAD of the kernel?

    Someone once told me that the best lie has a very valid feel to it. Since AF jokes are 99% lies, I had to embed a very valid feel to this alert.

    C'mon, it's April Fools!!! Lighten up a bit!

  22. #22
    Join Date
    May 2001
    Location
    California
    Posts
    800
    This has been .. one of the best .. geeky AF jokes ..
    Roy K.
    Pixie Internet Services - http://www.pixiehost.com
    Affordable, reliable hosting solution with Instant Activation

  23. #23
    Join Date
    Nov 2002
    Location
    Central Florida, USA
    Posts
    382
    The APF module was great Tom.
    Rob
    Founder and former owner of SRLnet. Sold in 2006

  24. #24
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    The part about the RH package labeling system IS actually true, however. I believe they've instituted their own upgrades and labeling system in quite a few packages, openssl being one, the kernel being another.

  25. #25
    Join Date
    Mar 2003
    Location
    Rio de Janeiro - Brazil
    Posts
    291
    30 more minutes and the security guys would start a fight of "c'mon, are you telling me you're a security admin and didn't already know about these big vulnerabilities? Any decent admin should already know about it!"

    I must congratulate dynamicnet. At least he was sincere...

  26. #26
    Join Date
    Dec 2001
    Location
    Above The Clouds
    Posts
    6,999
    This was the best one of the day.
    > It's also rumored that beginning with 2.4.20-32, redhat will disallow any and all ssh access to the server through the kernel itself.

    I soiled my undergarments and sprayed my monitor with coffee at the same time when I read that. I got changed and it happened again when I saw dynamicnet's response. Pure classic.
    Laurence Flynn @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK ● Speed ● Performance ● Reliability

  27. #27
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    > Originally posted by NexDog
    > This was the best one of the day.

    The day's not over yet, though my 1 prank for April fools paid off. Nice to know I got a few people not only LAUGHING but, fooled 'em.

    > Originally posted by NexDog
    > I soiled my undergarments and sprayed my monitor with coffee at the same time when I read that. I got changed and it happened again when I saw dynamicnet's response. Pure classic.

    Hrrm, maybe it wasn't thedavid that smells. I see the culprit here

    As far as the "you should know what you're doing, should have known this" from an admin POV, damn right. Obviously the report was a fake (even the ever popular April fools module). I'm just glad I pulled it off for as long as I did

  28. #28
    Join Date
    Feb 2002
    Location
    Vestal, NY
    Posts
    1,378
    Eheh - doh!

  29. #29
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,084
    > Originally posted by John[H4Y]
    > Thanks for the info. Something I have always wondered though.. If the vulnerability exists in Redhat RPMed kernels, wouldn't it also exist in a kernel compiled from source if it were compiled with the same config options as the Redhat kernel or does Redhat actually modify the kernel source in these RPMed kernels enough to open up vulnerabilities that don't exist in the original kernel?
    > Is a Redhat kernel such as 2.4.20-31 based on the 2.4.20 source and is continually modified by Redhat or does it come from the latest stable kernel, which is currently 2.4.25?
    > Just something I have always been curious about.

    The kernel is version 2.4.20, however, they backport security patches (which is the -31 number). This way the kernel itself inherently doesn't change; they just remove the insecure code (or, rather, fix it).
    Jim Reardon - jim/amusive.com
