Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Forum locked  This topic is locked, you cannot edit posts or make further replies.

Board index » Linode.com Related Forums » Linode.com Announcements
  Previous topic | Next topic 
Author Message
caker
PostPosted: Tue Dec 02, 2003 12:22 am 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
The latest stable 2.4 kernel has been made available. This is the most current 2.4 kernel.

Security

This kernel contains the fix for the root exploit that was used to compromise Debian's servers...
Quote:
Full Link Here

Recently multiple servers of the Debian project were compromised using a
Debian developers account and an unknown root exploit. Forensics
revealed a burneye encrypted exploit. Robert van der Meulen managed to
decrypt the binary which revealed a kernel exploit. Study of the exploit
by the RedHat and SuSE kernel and security teams quickly revealed that
the exploit used an integer overflow in the brk system call. Using
this bug it is possible for a userland program to trick the kernel into
giving access to the full kernel address space. This problem was found
in September by Andrew Morton, but unfortunately that was too late for
the 2.4.22 kernel release.

This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
2.6.0-test6 kernel tree. For Debian it has been fixed in version
2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
kernel images and version 2.4.18-11 of the alpha kernel images.

It is not known for certain if this affects UML based kernels, but a reboot is strongly recommended.

Performance

2.4.23 contains improvements over 2.4.22 which affect the performance of swap and memory management. I know some of you have been running 2.4.23-pre8-linode11-5um for some time and have reported improved performance. You should also switch to this kernel, or better yet, select "Latest 2.4 Series".

My hope is that this will improve overall disk I/O performance on the host.

How to Upgrade

See if you're already running 2.4.23-linode16-6um by viewing the output of "uname -a" inside your Linode. If not, follow this procedure:

:arrow: Log into the Linode Platform Manager (LPM)
:arrow: Configuration Profiles --> Click on your configuration profile
:arrow: Make sure the Kernel drop-down has "Latest 2.4 Series" selected and Save
:arrow: Reboot your Linode

Thanks and enjoy!

-Chris


Last edited by caker on Thu Dec 18, 2003 5:27 pm, edited 1 time in total.

Top
   
Reply with quote  
caker
 Post subject:
PostPosted: Tue Dec 02, 2003 5:01 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Mikegrb informed me of this SecurityFocus link to some test asm code, and indeed it crashed the 2.4.22-linode12-6um kernel, and worked correctly on 2.4.23-linode16-6um. So, it looks like this exploit does affect UML based kernels.

Upgrade now ;)

-Chris
Top
   
Reply with quote  
proane
 Post subject:
PostPosted: Tue Dec 02, 2003 6:02 pm 
Offline
Senior Newbie
User avatar

Joined: Sat Jun 21, 2003 2:42 pm
Posts: 10
ICQ: 1402475
I dont know if its just my box or what but, when I was running on 2.4.21, I could login within 5 seconds. Now that I upgraded to the new kernel it takes FOREVER to login. It waits at least 30 seconds before it prompts me for a password.

Kinda wish I hadnt of upgraded, hopefully downgrading to 2.4.21 will fix this.

Just a kind warning for anyone upgrading.
Top
   
Reply with quote  
caker
 Post subject:
PostPosted: Tue Dec 02, 2003 6:27 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
I would be careful posting advice such as this -- give it some more time, it could have been anything (network, dns problem, caching, swap, cold-start, host load, etc).

The security vulnerability exists in 2.4.21, too.

-Chris
Top
   
Reply with quote  
rhashimoto
 Post subject:
PostPosted: Wed Dec 03, 2003 1:56 am 
Offline
Senior Member

Joined: Wed Aug 13, 2003 10:24 am
Posts: 55
caker wrote:
So, it looks like this exploit does affect UML based kernels.


What about vulnerability of the host kernel? Is this an issue with that as well?

Roy
Top
   
Reply with quote  
Bill Clinton
 Post subject:
PostPosted: Wed Dec 03, 2003 12:30 pm 
Offline
Senior Member
User avatar

Joined: Sun Nov 23, 2003 1:40 pm
Posts: 79
Website: http://www.whitehouse.gov/history/presidents/bc42.html
rhashimoto wrote:
What about vulnerability of the host kernel? Is this an issue with that as well?


No, that is one of the amazing things about UML.

Bill Clinton
Top
   
Reply with quote  
rhashimoto
 Post subject:
PostPosted: Wed Dec 03, 2003 1:29 pm 
Offline
Senior Member

Joined: Wed Aug 13, 2003 10:24 am
Posts: 55
Bill Clinton wrote:
rhashimoto wrote:
What about vulnerability of the host kernel? Is this an issue with that as well?


No, that is one of the amazing things about UML.

Hmm. Let's say that someone running a pre-2.4.23 UML kernel gets compromised. This bug provides access to the kernel address space. Isn't the kernel just another user-space process on the host? Why wouldn't it be possible to repeat the exploit from the UML kernel to get access to the host kernel address space?

Roy
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Forum locked  This topic is locked, you cannot edit posts or make further replies.

Board index » Linode.com Related Forums » Linode.com Announcements


Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group