  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,000

    Kernel privilege escalation exploitable bug has been discovered in Centos/RedHat Linu

    I got a hysterical e-mail from the provider, who then took the servers offline. For anyone interested, the vulnerability is described at the link below.



    Reported: 2013-05-14 09:01 EDT by Petr Matousek

    Aliases: CVE-2013-2094

    Platform: All Linux

    Priority: high

    Severity: high



    https://bugzilla.redhat.com/show_bug.cgi?id=962792
    Last edited by 5ms; 14-05-2013 at 23:24.

  2. #2
    Super Moderador
    Join Date
    Sep 2010
    Location
    Searching...
    Posts
    4,106
    By the prophet's beard, we can't have a single day of peace.
    Follow us on Twitter: @wht_brasil

  3. #3
    WHT-BR Top Member
    Join Date
    Nov 2010
    Posts
    1,608
    This must have something to do with it:


    Hello,



    This is in regards to your server, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX my 4 thousand servers there XD .



    Due to a newly published 0-day kernel exploit, we need to reboot your server to perform an emergency kernel update. This update will provide a patch for the issue in question. Were someone to take advantage of this exploit, a local user would be able to get root access to your server. As such, we consider this very critical to fix quickly.



    Your server will be rebooted Tuesday, May 14th, 2013 between the hours of 9:00PM and 05:00AM CDT (02:00 - 10:00GMT). The actual downtime will be roughly 15 minutes.



    We deeply apologize for the short notice, but we feel that this vulnerability needs to be addressed immediately to prevent server compromises. If you have any questions or concerns, please feel free to open a helpdesk ticket or email support@wiredtree.com



    Thank you,



    WiredTree Staff
    Also, the servers running CloudLinux have already received an update, whereas on the servers running CentOS I haven't noticed any update so far...
    oGigante.com • Cloud Linux Reseller Hosting + Free WHMCS
    VWhost.com.br • Linux cPanel Reseller Hosting + CloudFlare
    Zocka.com.br • cPanel Website Hosting + Site Builder

  4. #4
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,000
    The hysterical provider said that nodes using OpenVZ virtualization are critical. XEN supposedly poses a lower risk, and they can't say yet about KVM.

    Right now I have 2 VPSes down, one XEN and one KVM, from other providers, who didn't even announce the "emergency maintenance", assuming they haven't been taken over by the dark side of the Force.

    PS: One of them (XEN) came back and another one (KVM) went down. The providers aren't having the decency (or the cool head?) to give notice. Panic?
    Last edited by 5ms; 15-05-2013 at 01:23.

  5. #5
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,000
    Final position from the hysterical provider:

    We have completed our emergency maintenance to fix a critical security flaw in the Linux kernel on OpenVZ servers.

    As said before, Xen server nodes are not affected and KVM ones, while they do have this problem, it is not exploitable. If we will patch it later, there will be a notice beforehand, but at this time it is not urgent.

    Please remember to update your KVM and Xen VPSes which use vulnerable kernels. Even if your OS is not vulnerable, please try to update it every time you have the opportunity.

  6. #6
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,000

    Critical Linux vulnerability imperils users, even after “silent” fix

    For more than two years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

    The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available. The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine. Hackers who already have limited control over a Linux machine—for instance, by exploiting a vulnerability in a desktop browser or a Web application—can also use the bug to escalate their privileges to root. The flaw affects versions of the Linux kernel from 2.6.37 to 3.8.8 that have been compiled with the CONFIG_PERF_EVENTS kernel configuration option.

    "Because there's a public exploit already available, an attacker would simply need to download and run this exploit on a target machine," Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. "The exploit may not work out-of-the-box on every affected machine, in which case it would require some fairly straightforward tweaks (for someone with exploit development experience) to work properly."

    The fix to the Linux kernel was published last month. Its documentation did not mention that the code patched a critical vulnerability that could jeopardize the security of organizations running Linux in highly sensitive environments. This lack of security advisories has been standard practice for years among Linus Torvalds and other developers of the Linux kernel—and has occasionally been the subject of intense criticism from some in security circles.

    Now that a fix is available in the kernel, it will be folded into all of the affected stable kernel releases offered by kernel.org, which maintains the Linux core code. Individual distributions are expected to apply the fix to their kernels and publish security updates in the coming days.

    Additional details of the bug are available here, here, here, and here. People running vulnerable machines with untrusted user accounts should check with their distributors to find out when a patch will be available and what steps can be taken in the meantime. One user of a Red Hat Linux distribution posted temporary mitigation steps here, although at time of writing, Ars was unable to confirm that they worked. Readers are encouraged to post other mitigation advice in comments.
    Critical Linux vulnerability imperils users, even after “silent” fix | Ars Technica

  7. #7
    Super Moderador
    Join Date
    Sep 2010
    Location
    Searching...
    Posts
    4,106
    Is the update for CentOS out yet?

  8. #8
    WHT-BR Top Member
    Join Date
    Nov 2010
    Posts
    1,608
    On my CentOS servers, there is no update so far...

  9. #9
    Guru Junior
    Join Date
    Nov 2010
    Posts
    237
    The CentOS kernel update on XEN came out today.

  10. #10
    WHT-BR Top Member
    Join Date
    Nov 2010
    Posts
    1,608
    I received this early this morning from syslint:

    Hello,

    There was a kernel exploit found recently on the linux kernel and a fix for this exploit has already been released by the kernel vendors.

    Impact : It is a local privilege escalation vulnerability

    Affected by the RHEL6/Centos6/Openvz etc,. Kernels . It is not affected in centos 5 series kernel.

    Read more about this vulnerability from the following links,

    https://news.ycombinator.com/item?id=5703758
    https://bugzilla.redhat.com/show_bug.cgi?id=962792
    https://rhn.redhat.com/errata/RHSA-2013-0830.html

    Updates are already available for these kernels.

    You may need to upgrade the kernel to 2.6.32-358.6.2 in Centos6/RHEL6 servers and if you are running openvz kernel please update to 2.6.32-042stab076.8 or higher.
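
A defender-side check built from the numbers quoted in this thread (the fixed builds in the syslint e-mail and the upstream range in the quoted article), added here as an example and not posted by any participant. The function names and result labels are this example's own; a vendor backport cannot be detected from the version string alone.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the versions quoted
# in this thread. Function names and result labels are this example's own.

# ver_ge A B: succeed when dotted-numeric A >= B (leading zeros tolerated).
ver_ge() {
  va=$1 vb=$2
  while [ -n "$va" ] || [ -n "$vb" ]; do
    x=${va%%.*} y=${vb%%.*}
    case $va in *.*) va=${va#*.} ;; *) va= ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    x=${x#"${x%%[!0]*}"} y=${y#"${y%%[!0]*}"}   # "042" -> "42", never octal
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
  done
  return 0
}

# classify_kernel RELEASE: print one label for a `uname -r` style string.
classify_kernel() {
  base=${1%%-*}; base=${base%%[!0-9.]*}   # upstream part, e.g. 2.6.32
  build=${1#*-}                           # vendor build, e.g. 358.6.2.el6.x86_64
  case $1 in
    *stab*)   # OpenVZ; the syslint e-mail names 2.6.32-042stab076.8 or higher
      n=$(printf '%s\n' "$build" | sed 's/stab/./; s/[^0-9.].*//')
      if ver_ge "$n" 042.076.8; then echo fixed; else echo update; fi ;;
    *.el6*)   # RHEL6/CentOS6; the same e-mail names 2.6.32-358.6.2
      if ver_ge "${build%%.el6*}" 358.6.2; then echo fixed; else echo update; fi ;;
    *.el5*)   # CentOS 5 series: reported as not affected in that e-mail
      echo not-affected ;;
    *)        # upstream range from the quoted article: 2.6.37 to 3.8.8;
              # a vendor backport cannot be seen from the version alone
      if ver_ge "$base" 2.6.37 && ver_ge 3.8.8 "$base"
      then echo in-range; else echo out-of-range; fi ;;
  esac
}

# perf_events_enabled FILE: succeed when a kernel config file enables the
# CONFIG_PERF_EVENTS option that the quoted article says the flaw depends on.
perf_events_enabled() { grep -q '^CONFIG_PERF_EVENTS=y' "$1"; }

rel=$(uname -r)
echo "$rel: $(classify_kernel "$rel")"
```

On most distributions the config file to pass to `perf_events_enabled` is `/boot/config-$(uname -r)`; an `in-range` result means the vendor advisory still has to be checked.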
