Major security vulnerabilities affecting Linux servers
Dear clients
We wish to inform you that two major security vulnerabilities have been discovered in the Linux kernel and that multiple clients have already been affected.
Those two vulnerabilities allow anyone having access to your server to gain "root" privileges. It is not required to have remote shell (SSH) access; a simple FTP or vulnerable PHP script is enough.
1- CVE-2006-2451
————————————————
This vulnerability was fixed in version 2.6.17.4 of the Linux kernel. A workaround is available:
1- As "root" on your server, run the following command:
echo /dev/null > /proc/sys/kernel/core_pattern
2- Modify /etc/sysctl.conf, at the end add:
kernel.core_pattern = /dev/null
2- CVE-2006-3626
————————————————
This vulnerability was fixed in version 2.6.17.5 of the Linux kernel. A workaround is available:
1- As "root" on your server, run the following command:
mount -o remount,noexec,nosuid /proc
2- Modify /etc/fstab, add options "noexec,nosuid" to the /proc line:
none /proc proc defaults,noexec,nosuid 0 0
+++++++++++++++++++++++++
Got it from my provider.
Peace,
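To confirm that both workarounds from the notice are active and will survive a reboot, a small audit script can compare the running state with the persistent configuration. This is an added example, not part of the provider's notice; the function names are hypothetical, and the kernel version check is only a hint because distribution kernels may carry backported fixes.

```shell
#!/bin/sh
# Added example: audits the two workarounds from the notice. Function names are hypothetical.

# ver_lt A B: true when dotted version A is older than B (numeric, field by field).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$first" = "$1" ]
}

# opts_of_proc FILE: options column of the /proc entry (same layout in fstab and /proc/mounts).
opts_of_proc() {
    awk '$1 !~ /^#/ && $2 == "/proc" { print $4; exit }' "$1"
}

# has_both OPTS: true when the comma-separated list contains noexec and nosuid.
has_both() {
    case ",$1," in *,noexec,*) ;; *) return 1 ;; esac
    case ",$1," in *,nosuid,*) ;; *) return 1 ;; esac
}

# sysctl_value FILE: last kernel.core_pattern assignment in a sysctl.conf-style file.
sysctl_value() {
    awk -F= '/^[ \t]*kernel\.core_pattern[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 } END { print v }' "$1"
}

# audit RELEASE CORE_PATTERN MOUNTS SYSCTL_CONF FSTAB: prints findings, returns their count.
audit() {
    n=0; rel=${1%%[!0-9.]*}          # "2.6.16-2-686" -> "2.6.16"
    # Version is a hint only: distribution kernels may carry backported fixes.
    ver_lt "$rel" 2.6.17.4 && { echo "kernel $rel < 2.6.17.4 (CVE-2006-2451 fix)"; n=$((n+1)); }
    ver_lt "$rel" 2.6.17.5 && { echo "kernel $rel < 2.6.17.5 (CVE-2006-3626 fix)"; n=$((n+1)); }
    [ "$2" = /dev/null ] || { echo "running core_pattern is '$2'"; n=$((n+1)); }
    [ "$(sysctl_value "$4")" = /dev/null ] || { echo "$4 does not persist core_pattern"; n=$((n+1)); }
    has_both "$(opts_of_proc "$3")" || { echo "/proc mounted without noexec,nosuid"; n=$((n+1)); }
    has_both "$(opts_of_proc "$5")" || { echo "$5 does not persist noexec,nosuid"; n=$((n+1)); }
    return "$n"
}

# Live run: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit "$(uname -r)" "$(cat /proc/sys/kernel/core_pattern)" /proc/mounts /etc/sysctl.conf /etc/fstab
fi
```

The exit status is the number of findings, so 0 means the kernel is at or past both fixed versions and both workarounds are applied and persisted.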