discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Discussion] New kernel heads up & Web100

from [Buhrmaster, Gary] [Permanent Link][Original]
To: "'John Heffner'" <jheffner@xxxxxxx>, "Cottrell, Les" <cottrell@xxxxxxxxxxxxxxxxx>
Subject: RE: [Discussion] New kernel heads up & Web100
From: "Buhrmaster, Gary" <gtb@xxxxxxxxxxxxxxxxx>
Date: Mon, 21 Jun 2004 09:28:04 -0700 
John,

Please read the RH announcement(s) regarding
their latest RHEL 3 kernel.  Apparently there
are (possible) root exploits that were
discovered in 2.6, and the fixes have been
pulled back into (at least) RH's 2.4 kernel.
https://rhn.redhat.com/errata/RHSA-2004-255.html

The particular bug which is documented to
allow priv escalation can be found at:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126121

I do not know if the mainline kernel already has
these fixes applied (it is often, but not always,
the case that the mainline kernel has the fixes
applied to a RC version even before RH has released
fixes).


Some Background:

As a current protocol, we (SLAC) presume that
at least one or more accounts of our collegues
have had their password(s) compromised at some
site, and that the crackers are waiting for the
next kernel exploit to start using their list
of stolen accounts and passwords (and then
collect more accounts and passwords).  This is
the method of spreading for the current hack that
you may have seen announced in the Washington
Post this past April (it is ongoing).  It is 
also the same group that compromised some other
labs and large clusters.  Since we presume some
accounts have been compromised, we are very
aggressive regarding applying new kernels
to our on-site systems (Linux, Solaris, or
other).


Gary


> -----Original Message-----
> From: John Heffner [mailto:jheffner@xxxxxxx] 
> Sent: Monday, June 21, 2004 9:07 AM
> To: Cottrell, Les
> Cc: 'discussion@xxxxxxxxxx'; security; netdev-l
> Subject: Re: [Discussion] New kernel heads up & Web100
> 
> I'm not aware of any new 2.4 kernel version.  I have heard about a bug
> which allowed any user to cause a floating point exception 
> that would hang
> the machine, but it was not a root exploit.  I'm also not 
> sure if this was
> a 2.6-only bug or affected 2.4 as well.
> 
> BTW, when a new kernel version is released, we may have a bit 
> of a delay
> getting our patch out.  Some of the autotuning code has been 
> pulled in to
> the main Linux tree, so our patch is going to in effect collide with
> itself.  We're going to have to rework some of the patch around this.
> 
>   -John
> 
> 
> On Mon, 21 Jun 2004, Cottrell, Les wrote:
> 
> > We received the following email from our security folks 
> (Friday 6/18/2004):
> >
> > >Just as a heads up, there is (yet another) new Linux 
> kernel that fixes a locally
> > >exploitable root compromise.
> >
> > >We will be rolling it out to site reasonably soon (sooner 
> if an exploit is
> > >released), so if you want to continue to use web100, it is 
> time to get the newest
> > >kernel sources, and start porting web100.
> >
> > Any update from web100 folks?
> >
> > _______________________________________________
> > Discussion mailing list
> > Discussion@xxxxxxxxxx
> > http://internal.web100.org/mailman/listinfo/discussion
> >
> 
> 
> 

_______________________________________________
Discussion mailing list
Discussion@xxxxxxxxxx
http://internal.web100.org/mailman/listinfo/discussion
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Discussion] New kernel heads up & Web100, John Heffner
Next by Date:  RE: [Discussion] New kernel heads up & Web100, John Heffner
Previous by Thread:  Re: [Discussion] New kernel heads up & Web100, John Heffner
Next by Thread:  RE: [Discussion] New kernel heads up & Web100, John Heffner
Indexes:  [Date] [Thread] [Top] [All Lists]