Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sun Feb 10, 2008 4:38 pm 
Offline
Senior Member
User avatar

Joined: Sun Feb 08, 2004 6:18 pm
Posts: 562
Location: Austin
You may have heard of the new kernel exploit that recently became public.

I just tried the exploit code on the Linode to see if it was vulnerable. It doesn't give me a root login, but it does hang the "machine", pretty hard, too. Took a few minutes for the Lish-initiated reboot to take effect; I thought I was going to have to fill a support ticket.

Best case scenario seems to be a graceless shutdown, so I would have to stamp it Not Recommended.


Top
   
 Post subject:
PostPosted: Sun Feb 10, 2008 4:46 pm 
Offline
Senior Newbie

Joined: Thu Jun 15, 2006 6:54 pm
Posts: 5
Yea... Listen to what he said... Because.... yea...

--Xel


Top
   
 Post subject:
PostPosted: Sun Feb 10, 2008 5:03 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3123
Website: http://www.linode.com/
Location: Galloway, NJ
As soon as the kernel devs settle on a fix, I'll be releasing new kernels...

-Chris


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 12:04 am 
Offline
Senior Member

Joined: Sat Jun 05, 2004 12:49 am
Posts: 333
ONe of the 'exploits' patch it :)

Find it in the debian bug ticket


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 1:44 am 
Offline
Senior Member

Joined: Tue Apr 27, 2004 5:10 pm
Posts: 212
I believe GKH just committed the fix for this into 2.6.24.2:


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 11:47 am 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3123
Website: http://www.linode.com/
Location: Galloway, NJ
http://www.linode.com/forums/viewtopic.php?t=3104

-Chris


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 12:47 pm 
Offline
Senior Newbie

Joined: Thu Dec 27, 2007 5:07 pm
Posts: 8
Website: http://dansimiha.btn.ro
Yahoo Messenger: danutz1982
Location: Cluj-Napoca , Romania
(asking maybe a stupid question)
how can I upgrade to the latest 2.6.24.2 ,without recompiling myself the kernel ?


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 12:48 pm 
Offline
Senior Member

Joined: Tue Apr 27, 2004 5:10 pm
Posts: 212
You can select what kernel you're booting in your profile config in LPM (the members section of linode.com).

-erik


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 12:51 pm 
Offline
Senior Newbie

Joined: Thu Dec 27, 2007 5:07 pm
Posts: 8
Website: http://dansimiha.btn.ro
Yahoo Messenger: danutz1982
Location: Cluj-Napoca , Romania
thought so,but my latest 2.6 series is 2.6.18.8 (domU linode5).


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 12:52 pm 
Offline
Senior Member

Joined: Tue Apr 27, 2004 5:10 pm
Posts: 212
Ahh - you're on Xen. The kernel caker just released was a UML kernel. I haven't heard when the Xen kernel will be updated.


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 12:53 pm 
Offline
Senior Newbie

Joined: Thu Dec 27, 2007 5:07 pm
Posts: 8
Website: http://dansimiha.btn.ro
Yahoo Messenger: danutz1982
Location: Cluj-Napoca , Romania
considering the big impact of this exploit it would be great to have one also on xen :)


Top
   
 Post subject:
PostPosted: Mon Feb 11, 2008 1:59 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3123
Website: http://www.linode.com/
Location: Galloway, NJ
For you Xen people:

http://www.linode.com/forums/viewtopic.php?t=3105

-Chris


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group