CentOS kernel vulnerability - unofficial patch

Posted by: mstauber Category: General

A vulnerability (Null pointer dereference) has been found in all Linux 2.4/2.6 kernel versions since May 2001. An unofficial kernel patch is available through the BlueOnyx-Testing yum repository.

This vulnerability could allow a local unprivileged user to gain root access. An exploit for it is already in the wild and usage of the exploit is fairly simple.

This vulnerability (of course) also affects the latest CentOS5 kernel on BlueOnyx.

Information:

As of right now there is no official patched kernel available from either RedHat or CentOS. One for Fedora is out though. The one from RedHat will probably be around sometime early next week and the one from CentOS might take a bit longer - as usual (they just sat on a glibc update for nine days).

As I rolled up a fixed kernel for Aventurin{e} anyway, I went one step further and built a separate one for BlueOnyx, too.

PLEASE NOTE: This updated kernel is not tested that well. It's tested in so far that it boots on the test machines I have access to. It's also tested that it closes the vulnerability CVE-2009-2692 mentioned here. It still may not work for you, although nothing speaks against it.

For this reason this kernel is in the BlueOnyx-Testing repository, which is disabled by default.

So you can choose either to risk it with this custom kernel, or to wait for the official CentOS kernel.

As mentioned above: The exploit requires local access (either through a shell account, or through a vulnerable (web) application, for example).


How to enable the testing repository:

(The testing repository has been cleaned out, so only the custom kernel is in it and no "other surprises".)

As "root" edit this file on your server:

/etc/yum.repos.d/BlueOnyx.repo

Find the following section at the bottom:

[BlueOnyx-Testing]
name=BlueOnyx 5106R Testing - $basearch
#baseurl=http://devel.blueonyx.it/pub/BlueOnyx/5106R/CentOS5/blueonyx/testing/
mirrorlist=http://www.blueonyx.it/mirror.php?release=$releasever&arch=testing
gpgcheck=1
enabled=0
gpgkey=http://www.blueonyx.it/pub/BlueOnyx/RPM-GPG-KEY-NUSOL-5106R


In it set the switch "enabled=0" to "enabled=1".

Then run "yum clean all" and "yum update". That should download the updated kernel. For easy identification it has the extension "bx02" at the end.

After the yum update edit the yum repository file again to set the testing repository back to disabled.

Then reboot your server. Don't skip this step, as you need to boot into the new kernel to be protected.

To confirm that your server has booted the correct kernel, run "uname -r". It should report something like this:

2.6.18-128.4.2.el5.bx02
...or...
2.6.18-128.4.2.el5.bx02-PAE

The important part in the name is "bx02". If it's not showing that, then your box has booted an unpatched (stock) kernel.
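
The steps above as a script. This is an added example, not part of the original post and not BlueOnyx code; the function names and the "--apply" / "--check" switches are hypothetical. It touches only the [BlueOnyx-Testing] section, refuses to continue unless gpgcheck=1 is set there, and disables the repository again when it exits.

```sh
#!/bin/sh
# Added example; function names and the --apply/--check switches are hypothetical.
REPO_FILE=/etc/yum.repos.d/BlueOnyx.repo   # path from the article
SECTION=BlueOnyx-Testing                   # section name from the article

# set_repo_enabled FILE SECTION 0|1
# Rewrites "enabled=" only inside [SECTION]; other repositories stay untouched.
set_repo_enabled() {
    tmp=$(mktemp) || return 1
    awk -v sec="[$2]" -v val="$3" '
        /^\[/ { in_sec = ($0 == sec) }
        in_sec && /^enabled=/ { print "enabled=" val; next }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner and mode of the file
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# repo_value FILE SECTION KEY: prints the value of KEY inside [SECTION]
repo_value() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { in_sec = ($0 == sec) }
        in_sec && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$1"
}

# is_patched_kernel RELEASE: succeeds if the release carries the "bx02" tag
is_patched_kernel() {
    case "$1" in
        *.bx02|*.bx02-*) return 0 ;;
        *) return 1 ;;
    esac
}

case "${1:-}" in
--apply)   # run as root, then reboot
    [ "$(repo_value "$REPO_FILE" "$SECTION" gpgcheck)" = 1 ] ||
        { echo "gpgcheck is not 1 for $SECTION, aborting" >&2; exit 1; }
    set_repo_enabled "$REPO_FILE" "$SECTION" 1 || exit 1
    trap 'set_repo_enabled "$REPO_FILE" "$SECTION" 0' EXIT   # always disable again
    yum clean all && yum update
    ;;
--check)   # run after the reboot
    if is_patched_kernel "$(uname -r)"; then echo "patched kernel is running"
    else echo "stock kernel is running"; exit 1; fi
    ;;
esac
```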

 


Aug 16, 2009 Category: General Posted by: mstauber