[BlueOnyx:02157] Re: New CentOS5 kernel in BX-Testing - fixes vulnerability CVE-2009-2692

Jean Rousseau Franco stuntshell at gmail.com
Thu Aug 20 18:23:59 -05 2009 

Hi Michael,
Does the system automatically boot into the new kernel?
Or does it need to be select upon reboot?
My system is too far away and I want to be sure before I do it.

Best Regards,

On Sun, Aug 16, 2009 at 12:39 PM, Michael Stauber <mstauber at blueonyx.it>wrote:

> Hi all,
>
> A vulnerability (Null pointer dereference) has been found in all Linux
> 2.4/2.6
> kernel versions since May 2001. This vulnerability could allow a local
> unprivileged user to gain root access. An exploit for it is already in the
> wild and usage of the exploit is fairly simple.
>
> This vulnerability (of course) also affects the latest CentOS5 kernel on
> BlueOnyx.
>
> More info on the vulnerability:
>
> http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
> http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html
> https://bugzilla.redhat.com/show_bug.cgi?id=516949#c10
>
> Linus Torvalds commented on this last Friday and submitted at patch into
> the
> code repository at kernel.org:
>
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
>
> As of right now there is no official patched kernel available from either
> RedHat or CentOS. One for Fedora is out though. The one from RedHat will
> probably around sometime early next week and the one from CentOS might take
> a
> bit longer - as usual (they just sat on a glibc update for nine days).
>
> As I rolled up a fixed kernel for Aventurin{e} anyway I went one step
> further
> and build a separate for BlueOnyx, too.
>
> *PLEASE NOTE:* This updated kernel is not tested that well. It's tested in
> so
> far that it boots on the test machines I have access to. It's also tested
> that
> it closes the vulnerability CVE-2009-2692 mentioned here. It still may not
> work for you, although nothing speaks against it.
>
> For this reason this kernel is in the BlueOnyx-Testing repository, which is
> disabled by default.
>
> So you can either choose if you want to risk it with this custom kernel, or
> you can choose if you want to wait for the official CentOS kernel.
>
> As mentioned above: The exploit requires local access (either through a
> shell
> account, or through a vulnerable (web) application for example.
>
>
> How to enable the testing repository:
> --------------------------------------------
>
> (The testing repository has been cleaned out, so only the custom kernel is
> in
> it and no "other surprises".)
>
> As "root" edit this file on your server:
>
> /etc/yum.repos.d/BlueOnyx.repo
>
> Find the following section at the bottom:
>
> [BlueOnyx-Testing]
> name=BlueOnyx 5106R Testing - $basearch
> #baseurl=
> http://www.blueonyx.it/pub/BlueOnyx/5106R/CentOS5/blueonyx/testing/
>
> mirrorlist=http://www.blueonyx.it/mirror.php?release=$releasever&arch=testing
> gpgcheck=1
> enabled=0
> gpgkey=http://www.blueonyx.it/pub/BlueOnyx/RPM-GPG-KEY-NUSOL-5106R<http://www.blueonyx.it/pub/BlueOnyx/5106R/CentOS5/blueonyx/testing/%0Amirrorlist=http://www.blueonyx.it/mirror.php?release=$releasever&arch=testing%0Agpgcheck=1%0Aenabled=0%0Agpgkey=http://www.blueonyx.it/pub/BlueOnyx/RPM-GPG-KEY-NUSOL-5106R>
>
> In it set the switch "enabled=0" to "enabled=1".
>
> Then run "yum clean all" and "yum update". That should download the updated
> kernel. For easy identification it has the extension "bx02" at the end.
>
> After the yum update edit the yum repository file again to set the testing
> repository back to disabled.
>
> Then reboot your server. Don't skip this step, as you need to boot into the
> new kernel to be protected.
>
> To confirm that your server has booted the correct kernel, run "uname -r".
> It
> should report something like this:
>
> 2.6.18-128.4.2.el5.bx02
> ...or...
> 2.6.18-128.4.2.el5.bx02-PAE
>
> The important part in the name is "bx02". If it's not showing that, then
> your
> box has booted an unpatched (stock) kernel.
>
> --
> With best regards
>
> Michael Stauber
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20090820/b79aa495/attachment.html>

More information about the Blueonyx mailing list