Critical security vulnerability affecting Linux servers
A critical security flaw has been found in the Linux 2.4 and 2.6 kernels, putting Linux servers at risk of complete takeover. Details of the security vulnerability can be read here, with more details available here.
This vulnerability allows anyone with access to your server to gain “root” privileges. Remote shell (SSH) access is not required; simple FTP access or a vulnerable PHP script is enough.
We were able to reproduce this vulnerability, and we take this problem very seriously. No official fix has been released yet by the major distributions. However, there is a possible fix on the CentOS mailing list; Debian also has an open bug ticket which you can follow.
We advise customers to follow this vulnerability closely. Please contact us if you think your server has been compromised.
UPDATE: Debian has released new kernel packages to fix this vulnerability.


August 16th, 2009 5:17 am
Hi,
I didn’t understand. Should we do anything regarding this issue? Is it true that all Linux systems are vulnerable regardless of their configurations? How can I check if my system is compromised?
Thanks for the info.
August 16th, 2009 6:23 pm
Gentoo has released gentoo-sources-2.6.30-r5 on 14 August to address this.
Another sleepless night for me.
August 17th, 2009 3:00 pm
Hi,
Is this resolved now?
Do we need to do anything?
Thanks
August 17th, 2009 4:05 pm
The linked article says it “puts most versions built in the past eight years at risk of complete takeover.” You should probably refer to the web site of the OS you are using for details about fixes, and apply the fix. As noted, Debian released a fix and I guess other distributions released one too.
August 18th, 2009 11:14 am
However, you still need local privileges to run something. Meaning if your OS, daemons, etc. are secured and cannot be exploited to inject code, and you trust your local users (ie: your machine is only a webserver), this is not an immediate threat.
Of course, if you run an old version of Apache, with PHP 4.3 and an old phpBB instance and old WordPress, you might be running into trouble. Difference now is that people will be able to get into your server (like they could before), but now will be able to become root.
August 19th, 2009 2:12 pm
Hey everyone,
I’ve applied this to all my servers here at iWeb, so you can also fix it before something happens by editing your modprobe.conf file.
First open the MODPROBE.CONF file with your favorite text editor, in my case “vi”, then insert the code below at the end of the file and save it.
vi /etc/modprobe.conf
Now, insert the following:
# FIX for CVE-2009-2692
install pppox /bin/true
install bluetooth /bin/true
install appletalk /bin/true
install ipx /bin/true
install sctp /bin/true
You should be secure on a CentOS system by doing the above.
Take care everyone.
Renan Ricci
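A way to verify the workaround in the comment above, as an added example that is not part of the original post or of any distribution's tooling. The function names (blocked_in_conf, is_loaded, audit) and the sample files are constructed for illustration; the module list is the one from the comment. An install override only stops future module loads, so the script also flags modules that are already loaded.

```shell
#!/bin/sh
# Added example: audit the modprobe workaround for CVE-2009-2692.
MODULES="pppox bluetooth appletalk ipx sctp"

# blocked_in_conf CONF MODULE: succeeds if CONF has an active
# "install MODULE /bin/true" line (comments and spacing ignored).
blocked_in_conf() {
    awk -v m="$2" '
        { sub(/#.*/, "") }
        $1 == "install" && $2 == m && $3 == "/bin/true" { found = 1 }
        END { exit !found }' "$1"
}

# is_loaded PROC_MODULES MODULE: succeeds if MODULE is already loaded.
is_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# audit CONF PROC_MODULES: prints "module STATUS" for each module.
audit() {
    for m in $MODULES; do
        if ! blocked_in_conf "$1" "$m"; then
            echo "$m NOT_BLOCKED"
        elif is_loaded "$2" "$m"; then
            echo "$m BLOCKED_BUT_LOADED"
        else
            echo "$m OK"
        fi
    done
}

# Constructed sample files (not from a real server): appletalk is
# commented out, sctp is missing, bluetooth is blocked but loaded.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/modprobe.conf" <<'EOF'
alias eth0 e1000
# FIX for CVE-2009-2692
install pppox /bin/true
install bluetooth /bin/true
#install appletalk /bin/true
install ipx    /bin/true
EOF
cat > "$demo_dir/modules" <<'EOF'
bluetooth 53797 0 - Live 0xf8a1c000
e1000 119381 0 - Live 0xf88f3000
EOF
audit "$demo_dir/modprobe.conf" "$demo_dir/modules"
```

On a real host, the same check would be run as audit /etc/modprobe.conf /proc/modules.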
August 20th, 2009 2:18 pm
I wouldn’t recommend doing that unless you know what you are doing. Someone at the centos.org forum said that their server continually froze during boot after doing this:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21740&forum=42
Also, the vulnerability only occurs if you have SELINUX set to either “permissive” or “enabled”. You can check this in /etc/selinux/config. Our server has it set to “disabled”, so I’m assuming we are ok.
Regards,
Dave
August 20th, 2009 10:25 pm
We’ve tested out many Linux boxes with the exploit codes and had no success after the changes we implemented, at least with the codes we have so far.
Please follow: https://bugzilla.redhat.com/show_bug.cgi?id=516949#c10
Thanks,
Renan