BLAG

BLAG Forums
All times are UTC

Posted: Sat Jul 15, 2006 12:22 am
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Ouch.

http://lists.grok.org.uk/pipermail/full ... 47913.html

This affects basically all distros.

A possible workaround is to run this as root (needed each time you boot):

Code:
mount -oremount,noexec /proc


You can also change the "proc" line in /etc/fstab to this for it to come up on boot:

Code:
proc      /proc      proc    rw,noexec       0 0


A new kernel will likely be released in the next few hours/minutes/seconds. Dave Jones says Fedora will have an update out today/tomorrow too. It will be available in the blag repo shortly after.

I will also be respinning the CDs and releasing BLAG50001 sometime next week.

-Jeff


Last edited by jebba on Wed Jul 19, 2006 4:35 am, edited 3 times in total.

Posted: Sat Jul 15, 2006 3:20 am

Joined: Sun Feb 12, 2006 6:01 am
Posts: 212
Location: new jersey
My current:

LABEL=/ / ext3 defaults 1 1
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/hda3 /home ext3 defaults 1 2

Replace the above bold with this?

/dev/proc /proc proc rw,noexec 0 0

Or do you mean...

/proc /proc proc rw,noexec 0 0 ?

Thanks :)

_________________
WWJD (What Would Jebba Do) :)


Posted: Sat Jul 15, 2006 5:49 am
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
It should read:

Code:
proc     /proc    proc    rw,noexec       0 0


I corrected my above post too...


Posted: Sat Jul 15, 2006 11:23 am
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
Hi Jebba,

Am I right in thinking that this is not a thing that can be done automatically with a system upgrade as yet? And does one need to restart any services once you've changed /etc/fstab? 50k rocks by the way.

- JM (jayeola)

_________________
BLAG 'em up!


Posted: Sat Jul 15, 2006 11:55 am

Joined: Sun Feb 12, 2006 6:01 am
Posts: 212
Location: new jersey
Thanks Jebba :)

By the way, what does kernel exploit mean? What does it do actually? Is it the same as a virus?

_________________
WWJD (What Would Jebba Do) :)


Posted: Sat Jul 15, 2006 3:38 pm
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
logicmaster wrote:
By the way, what does kernel exploit mean? What does it do actually? Is it the same as a virus?


Basically, if someone has an account on your box, they can use that to obtain root (system administrator) access. Anyone that has root access can do anything to the box, such as reformat it. This is not remotely exploitable--the cracker must be "local" on the system.

So, it's not a virus, but a "hole" into a system.

-Jeff


Posted: Sat Jul 15, 2006 3:40 pm
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Ok. An update is available in the blag repository. If you are running a public server, I especially encourage you to upgrade. If you are running a desktop workstation you should still upgrade. :)

Code:
apt-get update
apt-get install kernel#2.6.17-1.2157_FC5


-Jeff


Posted: Sat Jul 15, 2006 4:18 pm

Joined: Sat Jan 14, 2006 8:38 pm
Posts: 373
Location: Athol, Massachusetts, USA
I updated the kernel. Actually I was using a version of 2.6.16 before this update because suspend to disk doesn't work right with 2.6.17 (that includes the new version). Does the exploit affect the earlier kernels also?

_________________
Ed LaBonte


Posted: Sat Jul 15, 2006 4:30 pm
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
I believe this exploit targets all 2.6 kernels. If not, probably back to 2.6.8 or something.

Fedora legacy hasn't put out any new kernels yet, and I haven't seen any traffic about it on their list. If they make one for FC3, it'll automatically be in the blag repository. If they don't make one, I'll see what I can whip up after 50001 is done.

Ciao,

-Jeff


Posted: Sat Jul 15, 2006 4:35 pm

Joined: Sat Jan 14, 2006 8:38 pm
Posts: 373
Location: Athol, Massachusetts, USA
jebba wrote:
If they don't make one, I'll see what I can whip up after 50001 is done.


Don't go out of your way just for me. It's not a big deal. The only time I use suspend to disk is when I'm testing it to see if it works. And I assume it will be fixed eventually anyway, unless I'm the only one affected, which I doubt.

_________________
Ed LaBonte


Posted: Sat Jul 15, 2006 4:36 pm
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
Ah, I kinda meant I would whip up a kernel for 30k if fedora legacy doesn't put something out. But I really, really hope they'll do it for me... ;)


Posted: Wed Jul 19, 2006 2:27 am
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
It appears that BLAG 30k & 50k are not vulnerable to the recent /proc hole since the exploit needs a.out support. Those kernels are not compiled with a.out.

Dave Jones wrote:
Additionally, this exploit only works with kernels compiled with support for a.out style executables, which Fedora isn't. I've got an update building for 2.6.17.6 anyway, just to stop the inevitable "why hasn't Fedora been patched" questions.
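
One way to check the two conditions discussed in this thread, as an added shell example that is not part of the original posts: it looks for noexec on the proc entry in /proc/mounts and /etc/fstab, and for CONFIG_BINFMT_AOUT in the kernel config. The function names, the constructed sample files in demo and the /boot/config-$(uname -r) path are assumptions.

```shell
#!/bin/sh
# Added example: audit noexec on /proc (running system and /etc/fstab)
# and a.out support in the kernel config.

# proc_opts FILE: options field of the last proc entry in an fstab- or
# /proc/mounts-style file (device, mount point, type, options, ...).
proc_opts() {
    awk '$1 !~ /^#/ && $2 == "/proc" && $3 == "proc" { o = $4 }
         END { if (o != "") print o }' "$1"
}

# has_noexec FILE: succeeds only if that entry lists noexec as a whole option.
has_noexec() {
    case ",$(proc_opts "$1")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# aout_enabled KCONFIG: succeeds if a.out support is built in (=y) or modular (=m).
aout_enabled() {
    grep -Eq '^CONFIG_BINFMT_AOUT=(y|m)$' "$1"
}

# audit MOUNTS FSTAB KCONFIG: prints findings, returns how many there were.
audit() {
    n=0
    has_noexec "$1" || { echo "live: /proc mounted without noexec"; n=$((n + 1)); }
    has_noexec "$2" || { echo "boot: fstab proc line lacks noexec"; n=$((n + 1)); }
    if [ -r "$3" ] && aout_enabled "$3"; then
        echo "kernel: a.out support enabled"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: /proc already remounted, fstab still at "defaults".
demo() {
    d=$(mktemp -d) || return 1
    printf 'proc /proc proc rw,noexec 0 0\n' > "$d/mounts"
    printf 'proc /proc proc defaults 0 0\n' > "$d/fstab"
    printf '# CONFIG_BINFMT_AOUT is not set\n' > "$d/config"
    audit "$d/mounts" "$d/fstab" "$d/config"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Live system: sh audit.sh --live (config path is an assumed location).
if [ "${1:-}" = "--live" ]; then
    audit /proc/mounts /etc/fstab "/boot/config-$(uname -r)"
fi
```

The demo case reports one finding: the remount took effect, but the fstab line would bring /proc back without noexec on the next boot.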


Posted: Mon Jul 24, 2006 9:10 pm
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
https://bugzilla.redhat.com/bugzilla/sh ... 198973#c10

