  1. #1
    Join Date
    Aug 2006
    Posts
    275

    Linux Security, Cron, and CentOS+BQ

    For everyone: one of the members of this forum likes to claim that some CentOS+BlueQuartz systems (like StrongBolt) have security holes, and this user recently sent me a file that attempts to exploit a security hole that has been well-understood in Linux kernels for some time. (You can read the details on this hole, the CVE-2006-2451 prctl() privilege escalation vulnerability, at http://secunia.com/advisories/20953 )

    This bug affects all versions of Linux (not just CentOS, which is based on RedHat) prior to 2.6.17. (For what it's worth, this class of bug has popped up over and over in the history of Unix -- I first saw it in V7 Unix in about 1979!)

    There are a couple of take-aways here:

    1) This bug does not affect most yum-updated versions of CentOS+BQ, which have updated kernels;

    2) If you have a web-server appliance on which you allow random, untrusted users to run gcc or load and run arbitrary executables, you are asking for trouble. If you're not sure -- don't allow random users to run code!

    3) Don't believe the scare-mongering you hear around here, especially when it involves "secret evidence" -- most security exploits are well-known and documented, so the bad guys know them, and you'd better as well.

    4) This is one bug -- there are many, and many more in older versions of Linux. The Cobalt Raq4 OS is based on Linux 2.2, so who knows how many bugs it still contains?

    So let's drive a stake through the heart of this one -- there is nothing less secure about a CentOS+BlueQuartz system than any other modern RedHat Enterprise Linux system out there. Do your own research, and look to multiple sources for your info.
    Last edited by gnetwerker; 02-05-2008 at 10:13 PM.

  2. #2
    Join Date
    Nov 2003
    Location
    Northville, Michigan
    Posts
    325
    It's very true that "CentOS+BlueQuartz" systems have been patched for this via CentOS updates. However, my point was that StrongBolt never patched his kernel since the first one they made and thus are vulnerable to this hack.

    The way it works is:
    Somebody does a brute force attack and gets a user account. Or they just log in with the user test and passwd test, and if they get a shell they can run the hack and have root access. If they don't have a shell, they ftp a shell program and/or script to the user's web directory and automate getting root or installing the root kit they like...

    Now I do make good money on these boxes, but I just couldn't live with myself letting people think they are safe... when they are certainly not.

    The root exploit is public at this time.

    I don't know of any root exploits for Cobalt 2.2 kernels at this time and I have the kernel src.rpm ready to accept any bugfixes... If a hole does develop I can patch it right away and post the updated kernel... or a nice stable 2.4 kernel is ready too!!

  3. #3
    Join Date
    Aug 2006
    Posts
    275
    Quote Originally Posted by zeffie View Post
    Somebody does a brute force attack and gets a user account. Or they just login with the user test and passwd test and if they get a shell
    If a system is that insecure (open telnet), they have bigger problems than this. But anyway, yes, it is fixed in CentOS+BQ. Glad you agree.

  4. #4
    Join Date
    Nov 2003
    Location
    Northville, Michigan
    Posts
    325

    telnet open is a misconception of a security problem

    Quote Originally Posted by gnetwerker View Post
    If a system is that insecure (open telnet), they have bigger problems than this. But anyway, yes, it is fixed in CentOS+BQ. Glad you agree.
    I rarely see a brute force on telnet... and actually having telnet open is a misconception of a security problem...

  5. #5
    Join Date
    Aug 2006
    Posts
    275
    If anyone is still concerned about this (mostly non-) issue, an updated kernel is available here: http://www.osoffice.co.uk/linux/strongbolt/

    This installs Linux 2.6.20.1 on a CentOS+BQ Raq system.

  6. #6
    Join Date
    Nov 2003
    Location
    Northville, Michigan
    Posts
    325
    wow!

    Well it's about time! I mean it's only about 1 year and 9 months since the 5 exploits came out...

    http://www.securityfocus.com/bid/18874/info

    Now I see 4 exploits for that one too and that's with hardly looking. So I guess this is getting better for the hackers anyway... I mean remote exploits are always easier...

  7. #7
    Join Date
    Aug 2006
    Posts
    275
    Some Security Advice

    If you want a 100% secure system, then follow these simple instructions:

    1) Place computer in a secure EMI-shielded room;
    2) Remove or disable removable media, block USB ports, etc;
    3) Unplug the computer from any networks and modems;
    4) Strip-search any users before entering and leaving the room.

    For even greater security, do not allow any users, and for the ultimate in security, unplug the computer from the wall.

    On the other hand, if you want a usable system, then use a modern operating system and take normal precautions. And if someone tries to convince you to run Linux 2.2 (originally released over seven years ago) rather than a modern OS like (e.g.) Linux 2.6.20, then run the other way.

    Indeed, if anyone tries to tell you that system security is primarily a kernel issue, laugh in their face, as they clearly do not know what they're talking about.

  8. #8
    Join Date
    Nov 2003
    Location
    Northville, Michigan
    Posts
    325
    Quote Originally Posted by gnetwerker View Post
    If anyone is still concerned about this (mostly non-) issue, an updated kernel is available
    I don't treat root exploits as "non issues".

    So if you don't have any financial interest in strongbolt, why do you get so mad about my posts that you post liable content over and over?

  9. #9
    Join Date
    Aug 2006
    Posts
    275
    I'm not mad, and I know how to spell "libel" and use it in a sentence.
    Want a modern OS for your Raq? Try CentOS+BlueQuartz!
    Use the Strongbolt network installer.

  10. #10
    Join Date
    Nov 2003
    Location
    Northville, Michigan
    Posts
    325
    You have made a joke out of this forum and the webhosting talk rules by spamming StrongBolt in every thread you can. It doesn't matter what the thread is about, you post your StrongBolt advertisements even knowing that it contains multiple security holes. Real nice.

  11. #11
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,951
    Enough, you two. This constant bickering is making a fairly strong case for the closing of this forum section.

    Let's start with this thread.
    Having problems, or maybe questions about WHT? Head over to the help desk!
