[Triumf-linux-managers] vulnerability in SL-5 64-bit kernel
Konstantin Olchanski
olchansk at triumf.ca
Fri Sep 17 17:04:47 PDT 2010
On Fri, Sep 17, 2010 at 04:15:08PM -0700, Kelvin Raywood wrote:
> A privilege-escalation vulnerability in the 64-bit version of the Linux
> kernel has been identified ...
> ... https://access.redhat.com/kb/docs/DOC-40265
> [recommend] ... disabling execution of 32-bit binaries on 64-bit systems.

For the record, this is CVE-2010-3081.

I confirm that the exploit gives instant root shell on up-to-date SL5.5 machines;
the slightly newer kernel 2.6.18-222.el5 is also vulnerable.

Hope a real fix is available soon.

(The suggested fix - disable 32-bit binaries - is a joke - we have
to run 32-bit executables all the time - but I guess nothing
better is available at the moment, short of shutting down the computers).

5pm on Friday is not a good time to go patching production computers;
the timing of this announcement is unfortunate. Much earlier on Friday,
or waiting for Monday, would have been better.

--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada