Re: [CentOS] Kernel NULL pointer vulnerability
Marcus Moeller wrote on Fri, 14 Aug 2009 14:24:39 +0200:

> The only workaround that is known to me atm is to disable the affected
> kernel modules (which should be handled with care as some of them may
> provide necessary functionality in your operating environment):

If vm.mmap_min_addr is > 0 you are also not affected, at least not by that
exploit.

http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004

CentOS 5 has it set to 65536 by default. CentOS 4 should be vulnerable.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kernel NULL pointer vulnerability
Have you tried the exploit on CentOS 5?

http://grsecurity.net/~spender/wunderbar_emporium.tgz

I only have access to a Fedora 9 machine right now and the exploit is
working with all the modules from the first mail disabled in modprobe.conf

[r...@localhost ~]# uname -a
Linux localhost.localdomain 2.6.27.25-78.2.56.fc9.i686 #1 SMP Thu Jun 18 12:47:50 EDT 2009 i686 i686 i386 GNU/Linux
[r...@localhost ~]# cat /proc/sys/vm/mmap_min_addr
65536

Regards,
Radu
Re: [CentOS] Kernel NULL pointer vulnerability
Hi again,

>> The only workaround that is known to me atm is to disable the affected
>> kernel modules (which should be handled with care as some of them may
>> provide necessary functionality in your operating environment):
>
> If vm.mmap_min_addr is > 0 you are also not affected, at least not by that
> exploit.
>
> http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
>
> CentOS 5 has it set to 65536 by default. CentOS 4 should be vulnerable.

Please note that there is a problem with the SELinux policy shipped in
RHEL5, which by default will let anyone mmap at NULL!

Best Regards
Marcus
Re: [CentOS] Kernel NULL pointer vulnerability
On Friday 14 August 2009, Kai Schaetzl wrote:
> Marcus Moeller wrote on Fri, 14 Aug 2009 14:24:39 +0200:
> > The only workaround that is known to me atm is to disable the affected
> > kernel modules (which should be handled with care as some of them may
> > provide necessary functionality in your operating environment):
>
> If vm.mmap_min_addr is > 0 you are also not affected, at least not by that
> exploit.

...Unless you have selinux enabled in any way (including permissive) since
in this case selinux overrides the kernel setting and makes
vm.mmap_min_addr==0.

/Peter

> http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
>
> CentOS 5 has it set to 65536 by default. CentOS 4 should be vulnerable.
>
> Kai
Re: [CentOS] Kernel NULL pointer vulnerability
Hi again.

> alias net-pf-24 # PPPoE

Sorry, typo in pf-24.

grep -q '^alias net-pf-3 off' /etc/modprobe.conf || \
  echo 'alias net-pf-3 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-4 off' /etc/modprobe.conf || \
  echo 'alias net-pf-4 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-5 off' /etc/modprobe.conf || \
  echo 'alias net-pf-5 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-9 off' /etc/modprobe.conf || \
  echo 'alias net-pf-9 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-10 off' /etc/modprobe.conf || \
  echo 'alias net-pf-10 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-23 off' /etc/modprobe.conf || \
  echo 'alias net-pf-23 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-24 off' /etc/modprobe.conf || \
  echo 'alias net-pf-24 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-31 off' /etc/modprobe.conf || \
  echo 'alias net-pf-31 off' >> /etc/modprobe.conf

Best Regards
Marcus
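[Added example, not part of any poster's message: a read-only audit of the two workarounds discussed so far in this thread, namely the net-pf aliases listed above and vm.mmap_min_addr, which per the posts here is not effective when SELinux is enforcing or permissive. The function names, the default config path argument and the reliance on getenforce's Enforcing/Permissive/Disabled output are assumptions of this example.]

```shell
#!/bin/sh
# Added example: audit of the workarounds discussed in this thread.
# Protocol-family numbers are the ones listed in the message above.
PF_LIST="3 4 5 9 10 23 24 31"

# missing_pf_aliases FILE
# Prints the net-pf numbers that have no "alias net-pf-N off" line in FILE
# (space-separated; empty output means every alias is present).
missing_pf_aliases() {
    conf=$1
    missing=""
    for pf in $PF_LIST; do
        # Trailing anchor so "net-pf-3 off" cannot be satisfied by a longer line.
        grep -q "^alias net-pf-$pf off[[:space:]]*\$" "$conf" 2>/dev/null ||
            missing="$missing $pf"
    done
    echo $missing   # unquoted on purpose: trims the leading space
}

# mmap_min_addr_effective VALUE SELINUX_MODE
# Prints "yes" only when VALUE > 0 and SELinux is Disabled. This encodes the
# thread's statements: a value > 0 helps, but SELinux in enforcing or
# permissive mode is reported to override it.
mmap_min_addr_effective() {
    value=$1
    mode=$2
    if [ "$value" -gt 0 ] 2>/dev/null && [ "$mode" = "Disabled" ]; then
        echo yes
    else
        echo no
    fi
}

# audit [FILE]: read the live values and print a two-line report.
audit() {
    conf=${1:-/etc/modprobe.conf}
    value=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null || echo 0)
    mode=$(getenforce 2>/dev/null || echo Disabled)   # assume Disabled if tool is absent
    echo "vm.mmap_min_addr=$value selinux=$mode effective=$(mmap_min_addr_effective "$value" "$mode")"
    echo "net-pf aliases missing from $conf: $(missing_pf_aliases "$conf")"
}

# Run the live audit only when asked: sh audit.sh --audit [FILE]
if [ "${1:-}" = "--audit" ]; then
    audit "${2:-}"
fi
```

A clean report only means the workarounds are in place; a later message in this thread reports the exploit working on Fedora 9 with the modules disabled and mmap_min_addr at 65536.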
Re: [CentOS] Kernel NULL pointer vulnerability
Upstream bugzilla to follow:

https://bugzilla.redhat.com/show_bug.cgi?id=516949

Akemi
Re: [CentOS] Kernel NULL pointer vulnerability
On Fri, Aug 14, 2009 at 8:15 AM, Akemi Yagi wrote:
> Upstream bugzilla to follow:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=516949

Just a note to say that the issue is also being tracked in the CentOS forums:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21740&forum=42

So, if you have additional info, I would appreciate your posting it
there as well.

Akemi
Re: [CentOS] Kernel NULL pointer vulnerability
There is a very large issue with all people running VPS machines that are
waiting for upgrades.

On Fri, Aug 14, 2009 at 2:44 PM, Akemi Yagi wrote:
> On Fri, Aug 14, 2009 at 8:15 AM, Akemi Yagi wrote:
> > Upstream bugzilla to follow:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=516949
>
> Just a note to say that the issue is also being tracked in the CentOS
> forums:
>
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21740&forum=42
>
> So, if you have additional info, I would appreciate your posting it
> there as well.
>
> Akemi

--
http://www.goldwatches.com
Re: [CentOS] Kernel NULL pointer vulnerability
> There is a very large issue with all people running VPS machines that are
> waiting for upgrades.

Why are VPS's any more affected than bare-metal machines?

It will be greatly ironic if Redhat release the fix after they release 5.4,
or as part of 5.4. I will try not to say I told you so.
Re: [CentOS] Kernel NULL pointer vulnerability
James Matthews wrote:
> There is a very large issue with all people running VPS machines that
> are waiting for upgrades.

Why is that, there is NO upgrade for this issue from upstream. We can not
possibly release something before it is released by Red Hat.
Re: [CentOS] Kernel NULL pointer vulnerability
James Matthews wrote:
> There is a very large issue with all people running VPS machines that
> are waiting for upgrades.

Looks like, at least for openvz, virtualized machines are safe

http://openvz.org/pipermail/users/2009-August/002961.html