Kernel Exploit affecting x86_64 servers

Be sure to see this Red Hat knowledgebase article (access.redhat.com) for detailed information for Red Hat (and CentOS) based servers.

Note that the fix will keep 32-bit processes from running on your server.

Jeff
 
Does upgrading the kernel on a 64bit system brake anything related to directadmin?
 
My post is not about a kernel upgrade; it's about changing a kernel switch.

DirectAdmin shouldn't be kernel dependent.

Beyond that, if you've never made custom changes to your kernel, then updating to a new version of the kernel you've got installed shouldn't cause any problems. Unless you've got special drivers for special hardware, in which case that hardware could stop working.

The biggest problems are RAID controllers and ethernet cards. Either could have deadly consequences.

Jeff
 
If there really is a problem then i wouldnt see why it wouldnt be in yum by now.
 
The problem is real; it was published as a bug report by Red Hat. But it's true that effects all 64-bit linux kernels through the number mentioned in the bug report (all previously posted). (Yes, even Gentoo.)

If it's available in yum, and you've used yum previously, and standard kernels previously, then it's probably safe to update using yum.

Remember that yum doesn't run the kernel, though depending on your settings it may install it. You need to restart the server to run the new kernel.

You may want to do that during a time when there's someone in the datacenter in the event it's necessary to do a manual switch back to a previous kernel.

And you should probably check after you've restarted to make sure the new kernel is running.

What you probably don't need to do is install the software from the first post; it's a link to a commercial product with a free trial. Is that really what you want?

Jeff
 
Ksplice also provided a free test tool to see if you are currently affected, and in some cases it could also detect if your kernel wasn't exploitable in the first place.
 
All 64-bit kernels are affected. No 32-bit kernels are affected.

Yes, I did use their test tool.

Jeff
 
Yes, I was referring to the following

http://blog.ksplice.com/2010/09/cve-2010-3081/

A few of us (see comments) were getting the following error when running this tool
!!! Error in setting cred shellcodes

It means that the test and exploit (in this form) wouldn't work. They now have modified the error message

"A symbol required by the published exploit for CVE-2010-3081 is not
provided by your kernel. The exploit would not work on your system."

They still advice to upgrade, because modified exploits would probably do work.
 
My recollection that all are affected comes from the Red Hat article.

How can CentOS4 not be affected if Red Hat is? Doesn't CentOS use the same kernel?

Jeff
 
jlasman said:
My recollection that all are affected comes from the Red Hat article.

How can CentOS4 not be affected if Red Hat is? Doesn't CentOS use the same kernel?

Jeff
Click to expand...

It's all in the redhat link you posted.:)

The Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG kernels do not include a backport of the upstream git commit 42908c69
Click to expand...
 
Personally I do not recommend to use CentOS with it's official Kernel. It's better to make a custom kernel without everything you will never need for a hosting server.
 
You must log in or register to reply here.
Back
Top