OpenVZ Forum


Home » General » Support » sock_sendpage() kernel vulnerability
sock_sendpage() kernel vulnerability [message #37291] Tue, 01 September 2009 07:21 Go to next message
lukaschemp is currently offline  lukaschemp
Messages: 2
Registered: September 2009
Location: Poland
Junior Member
Hello,

Anybody have tested exploit for Linux kernel 2.4/2.6 sock_sendpage() on OpenVZ kernel in CentOS 5.X, it's vulnerable?

RHEL/CentOS has updated kernel to 2.6.18-128.7.1.el5 with no vulnerable.

Exploit: http://milw0rm.com/exploits/9545

[Updated on: Tue, 01 September 2009 07:31]

Report message to a moderator

Re: sock_sendpage() kernel vulnerability [message #37296 is a reply to message #37291] Tue, 01 September 2009 19:08 Go to previous messageGo to next message
Valmont is currently offline  Valmont
Messages: 225
Registered: September 2005
Senior Member
Well, according opennet.ru we have also this sploit:

http://www.risesecurity.org/entry/illustrating-linux-sock_se ndpage-null-pointer/

and this:

http://grsecurity.net/~spender/wunderbar_emporium.tgz

Due lack of phys. access to my servers I can't check it now, but
changelog http://wiki.openvz.org/Download/kernel/rhel5/028stab064.4
don't have any notes about fixing CVE-2009-2692


Make it for hotfix:

Red Hat Enterprise Linux 4 and 5

Add the following entries to the end of the /etc/modprobe.conf file:


install pppox /bin/true
install bluetooth /bin/true
install sctp /bin/true


The sctp module cannot be unloaded from a running kernel if the module is already loaded; therefore, the above changes for /etc/modprobe.conf on Red Hat Enterprise Linux 4 and 5 require a reboot to take effect.

Report message to a moderator

Re: sock_sendpage() kernel vulnerability [message #37297 is a reply to message #37296] Tue, 01 September 2009 19:11 Go to previous messageGo to next message
Valmont is currently offline  Valmont
Messages: 225
Registered: September 2005
Senior Member
first link sploit is same as milworm.

Report message to a moderator

Re: sock_sendpage() kernel vulnerability [message #37298 is a reply to message #37297] Tue, 01 September 2009 19:28 Go to previous messageGo to next message
Valmont is currently offline  Valmont
Messages: 225
Registered: September 2005
Senior Member
Another point. According buzilla and changelog 2.6.18-128.7.1 fix also other bad thing (CVE-2009-2698). So this update imho is urgent.

Report message to a moderator

Re: sock_sendpage() kernel vulnerability [message #37299 is a reply to message #37298] Tue, 01 September 2009 19:31 Go to previous messageGo to next message
lukaschemp is currently offline  lukaschemp
Messages: 2
Registered: September 2009
Location: Poland
Junior Member
But 2.6.18-128.7.1 from RHEL/CentOS repo is supported to use OpenVZ?

Report message to a moderator

Re: sock_sendpage() kernel vulnerability [message #37300 is a reply to message #37299] Tue, 01 September 2009 19:45 Go to previous message
Valmont is currently offline  Valmont
Messages: 225
Registered: September 2005
Senior Member
No, certainly no.

As another solution except waiting new openvz release - get from redhat/centos src.rpm necessary patches and recompile openvz kernel with them.

Report message to a moderator

Previous Topic: Bug (?): vzcfgvalidate not working
Next Topic: Allocate more RAM to a VPS
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Apr 19 00:00:09 GMT 2024

Total time taken to generate the page: 0.01748 seconds
Powered by FUDforum Powered by Virtuozzo Containers