[Triumf-linux-managers] kernel vulnerability

Kelvin Raywood kray at triumf.ca
Fri Aug 14 15:47:23 PDT 2009


This is an important security message to all managers of Linux machines 
at TRIUMF.

A vulnerability in the Linux kernel (CVE-2009-2692) that allows
a local user to gain root privileges on the machine has been identified
and an exploit that abuses the bug is publicly available.

Note this vulnerability can only be exploited by someone who can already 
log in as a normal user.  If you are concerned about this, then you 
should follow one of the following recommendations.

More info and a work-around recommended by RedHat until they fix the 
kernel is available at:
[ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692#c10 ].

The vulnerability is restricted to bluetooth and ppp kernel modules and 
the recommended work-around just ensures that those modules will not be 
loadable.  However, if one of the modules is already loaded then it 
will need to be manually unloaded before the work-around is effective. 
You can check with:

        lsmod | grep -E 'blue|ppp'

On ScientificLinux-4.5 or later that was installed by a TRIUMF 
kickstart, the RedHat fix can be applied by installing a new triumf 
rpm with:

       yum install triumf-disable-vul_kmod

Since this rpm has only just been uploaded you may find it necessary to 
do "yum clean metadata" to ensure that it is available.

The issue has also been discussed on the ScientificLinux mailing-list. 
The SL maintainers have created an rpm that takes a different approach 
to disabling the kernel-modules by removing them from the kernel trees.

The SL rpms should reach the TRIUMF mirror this evening and will be 
installable with:

         yum install SL_fix_bad_km

Kel Raywood
Core Computing and Networking
TRIUMF
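
An added example, not part of the original message: the lsmod check above only shows whether a module is loaded, while a module cannot be unloaded until every module using it is gone, so this sketch reads lsmod output and prints the affected modules in a workable unload order. The function name unload_order and the sample lsmod output are constructed for illustration; processes holding a module open (for example a running pppd) are not detected here.

```shell
#!/bin/sh
# Added example. Reads `lsmod` output on stdin and prints, one per line, the
# modules to unload, ordered so that every module comes after its users.

# Constructed sample of `lsmod` output (not taken from a real host).
SAMPLE='Module                  Size  Used by
rfcomm                 75865  0
l2cap                  51649  1 rfcomm
bluetooth              92325  2 rfcomm,l2cap
ppp_generic            27216  0
slhc                    6145  1 ppp_generic
ext3                  123593  2'

unload_order() {
    awk '
    NR > 1 {
        users[$1] = $4                      # comma-separated modules using $1
        if ($1 ~ /blue|ppp/) want[$1] = 1   # same pattern as the grep above
    }
    END {
        # A module cannot be removed while another module uses it, so pull in
        # every module that directly or indirectly uses a matched one.
        do {
            grew = 0
            for (m in want) {
                n = split(users[m], u, ",")
                for (i = 1; i <= n; i++)
                    if (u[i] != "" && !(u[i] in want)) { add[u[i]] = 1; grew = 1 }
            }
            for (m in add) want[m] = 1
        } while (grew)
        # Emit a module only once all of its users have been emitted.
        do {
            progress = 0
            for (m in want) {
                if (m in done) continue
                n = split(users[m], u, ","); ready = 1
                for (i = 1; i <= n; i++)
                    if (u[i] != "" && !(u[i] in done)) ready = 0
                if (ready) { print m; done[m] = 1; progress = 1 }
            }
        } while (progress)
    }'
}

printf "%s\n" "$SAMPLE" | unload_order
# On a live host: lsmod | unload_order
```

Matching on the module-name column only keeps slhc out of the list, although the grep on whole lines would show it because ppp_generic appears in its "Used by" column.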

