[Triumf-linux-managers] vulnerability in SL-5 64-bit kernel

[Kelvin Raywood]

This is an important security message to all managers of Linux machines
at TRIUMF.

A privilege-escalation vulnerability in the 64-bit version of the Linux
kernel has been identified and an exploit that abuses it is publicly
available.  All 64-bit RedHat Enterprise-Linux 5 kernels and thus
Scientific-Linux 5 systems are vulnerable.

Not affected: 32-bit systems, Scientific-Linux 4 and earlier

This vulnerability can only be exploited by someone who can already
login as a normal user. However the recent incident involving ibm00 and
many other Linux machines at TRIUMF reminds us that it only takes one
compromised account to expose the passwords of many users.

RedHat have not yet released a fixed kernel, but the vulnerability can
be nullified by disabling execution of 32-bit binaries on 64-bit
systems.  I have created an rpm to do this and added it to the TRIUMF
rpm repository.

The TRIUMF Computing Security Committee recommends that you install this
on all 64-bit SL-5 systems that you manage.  Install with:

      yum install triumf-disable-elf32

With this package installed, 32-bit binaries such as acroread or
flash-plugin will not run.  If you start them from a terminal, the
message "32-bit binaries are disabled" will be printed.  This can be a
serious inconvenience but there are usually alternatives and it is
likely that a fixed kernel will be available by Monday.

More info at: https://access.redhat.com/kb/docs/DOC-40265


--
Kel Raywood
TRIUMF Computing Security Committee