Linux Kernel Vunerability
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Linux Kernel Vunerability
The Register has reported :
A major security vulnerability in the Linux kernel, which was revealed on Sunday, has claimed its first confirmed UK victim in business ISP Claranet.
Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers' index.html files with the hacker's calling card.
The exploit was noticed at about 6pm on Tuesday.
Claranet said: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.
"The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February."
The (potentially tricky) hacking process was dumbed down by the publication of exploit code earlier this week, Linux-Watch notes.
Security notification firm Secunia reports that switching to either version 2.6.23.16 or 2.6.24.2 of the Linux kernel guards against attack. Hotfixes designed to plug the vulnerability short of upgrading the kernel have also been released.
The affected system call first appeared in version 2.6.17 of the Linux kernel, but wasn't left open to exploit until changes were made with the 2.6.23 version.
Linux vendors are working on a permanent fix for the problem. Claranet emphasised that it keeps a close eye on announcements of new vulnerabilities and acts swiftly to patch them.
Apparently other forums report Ubuntu sent out a patch on 13th Feb
A major security vulnerability in the Linux kernel, which was revealed on Sunday, has claimed its first confirmed UK victim in business ISP Claranet.
Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers' index.html files with the hacker's calling card.
The exploit was noticed at about 6pm on Tuesday.
Claranet said: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.
"The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February."
The (potentially tricky) hacking process was dumbed down by the publication of exploit code earlier this week, Linux-Watch notes.
Security notification firm Secunia reports that switching to either version 2.6.23.16 or 2.6.24.2 of the Linux kernel guards against attack. Hotfixes designed to plug the vulnerability short of upgrading the kernel have also been released.
The affected system call first appeared in version 2.6.17 of the Linux kernel, but wasn't left open to exploit until changes were made with the 2.6.23 version.
Linux vendors are working on a permanent fix for the problem. Claranet emphasised that it keeps a close eye on announcements of new vulnerabilities and acts swiftly to patch them.
Apparently other forums report Ubuntu sent out a patch on 13th Feb
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Linux Kernel Vunerability
As we have 2.6.22 we're probably safeThe affected system call first appeared in version 2.6.17 of the Linux kernel, but wasn't left open to exploit until changes were made with the 2.6.23 version.
Re: Linux Kernel Vunerability
You can get the Ubuntu patches in mintUpdate:
- open the preferences.
- make level 5 visible.
- sort the list of updates by level to see the kernel (level 5).
- clear the list to have nothing selected.
- select the kernel (linux-image-...)
- click install updates
- go back to preferences and make level 5 invisible again.
Now, before you do that... make sure you know why you're doing it. If you're a home user, behind a physical router + ISP (NAT and all) and you've been using kernel modules (nvidia drivers, restricted manager for wifi, virtualbox..etc..) you probably:
1- don't care about hackers.
2- do care about the stability of your system.
so in this case, don't bother upgrading. Things work now, will they work as well then?
If you're on standard hardware and exposed on the Internet (a server for instance) then you'll probably want to take the update.
It's up to you basically
Clem
- open the preferences.
- make level 5 visible.
- sort the list of updates by level to see the kernel (level 5).
- clear the list to have nothing selected.
- select the kernel (linux-image-...)
- click install updates
- go back to preferences and make level 5 invisible again.
Now, before you do that... make sure you know why you're doing it. If you're a home user, behind a physical router + ISP (NAT and all) and you've been using kernel modules (nvidia drivers, restricted manager for wifi, virtualbox..etc..) you probably:
1- don't care about hackers.
2- do care about the stability of your system.
so in this case, don't bother upgrading. Things work now, will they work as well then?
If you're on standard hardware and exposed on the Internet (a server for instance) then you'll probably want to take the update.
It's up to you basically
Clem
Re: Linux Kernel Vunerability
And I point this out again
Clem I'm not bashing you just driving home the fact that we're safe
I think you can skip probablyAs we have 2.6.22 we're probably safe
Clem I'm not bashing you just driving home the fact that we're safe
Re: Linux Kernel Vunerability
No problem at all
- linuxviolin
- Level 8
- Posts: 2081
- Joined: Tue Feb 27, 2007 6:55 pm
- Location: France
Re: Linux Kernel Vunerability
No you should not skip this kernel update!Husse wrote:I think you can skip probably
No, "the problem affects only kernels 2.6.17 and newer" and for Ubuntu the exploit is confirmed for Gutsy (2.6.22-14-generic), Hardy (2.6.24), Feisty. Importance: highHusse wrote:As we have 2.6.22 we're probably safe
See here or here (
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
)Details follow:
Wojciech Purczynski discovered that the vmsplice system call did
not properly perform verification of user-memory pointers. A local
attacker could exploit this to overwrite arbitrary kernel memory
and gain root privileges. (CVE-2008-0600)
You can read here for more explications on this vmsplice problem.
Ubuntu 6.10/7.04/7.10 patched it on Feb. 12.When the word of this problem first came out, it was thought to only affect 2.6.23 and 2.6.24 kernels (...) In fact, the vulnerability was the result of a different problem - and it is a much worse one, in that kernels all the way back to 2.6.17 are affected. At this point, a large proportion of running Linux systems are vulnerable.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
Re: Linux Kernel Vunerability
Related kernel patches were moved from Level 5 to Level 3.
Clem.
Clem.
Re: Linux Kernel Vunerability
Will this break my nvidia and vbox drivers?
Re: Linux Kernel Vunerability
You tell us
Since it's the same kernel I very much doubt so. But if it does please tell us immediately so we put this back to level 5. You know my position when it comes to stability vs security.
Clem.
Since it's the same kernel I very much doubt so. But if it does please tell us immediately so we put this back to level 5. You know my position when it comes to stability vs security.
Clem.
Re: Linux Kernel Vunerability
Well, since Clem put me up to the challenge I took the kernel updates, did a restart and everything works fine. Safe and secure again. hehehe
Re: Linux Kernel Vunerability
I'm glad to report, that my machine running ATI restricted drives+xgl+compiz-fusion survived well too.
Re: Linux Kernel Vunerability
I've updated the kernel and everything works fine for me too (I'm using the unrestricted drivers)
Re: Linux Kernel Vunerability
I feel a bit guilty here - but it was stated as above in the official announcement I was told
Sorry to have misinformed - will change the newsletter too
Sorry to have misinformed - will change the newsletter too
Re: Linux Kernel Vunerability
Has anyone realized that kernel updates are showing up in mintUpdate as Level 3 - Safe to Install? I've attached a screenshot. Not sure what happened, but I NEVER do kernel updates and I almost screwed myself into a driver re-compiling nightmare. FYI...
--Akshun J
--Akshun J
Re: Linux Kernel Vunerability
Yes, these particular versions of the kernel were moved to Level 3 (see above in the thread).
Clem
Clem
Re: Linux Kernel Vunerability
Sorry, I wasn't reading as thoroughly as I should. It looks like this upgrade won't break drivers. Very nice. Thanks!clem wrote:Yes, these particular versions of the kernel were moved to Level 3 (see above in the thread).
Clem
--Akshun J
-
- Level 3
- Posts: 110
- Joined: Tue Jun 26, 2007 5:06 am
- Location: Wirral, UK
- Contact:
Re: Linux Kernel Vunerability
Hi!
I heard the news some time ago but I thought i didn't have to bother since I'm behind a router. Anyway, I might just as well go and install the upgrade, but... I don't know if it is only the linux-image package that is required or should I install linux-headers as well (or maybe anything else too?).
Thanx!
I heard the news some time ago but I thought i didn't have to bother since I'm behind a router. Anyway, I might just as well go and install the upgrade, but... I don't know if it is only the linux-image package that is required or should I install linux-headers as well (or maybe anything else too?).
Thanx!
Re: Linux Kernel Vunerability
It's only some headers
And it's only if you have more than one user that something bad could happen
But on the other hand we all have at least two users - root and the "Superuser"
And it's only if you have more than one user that something bad could happen
But on the other hand we all have at least two users - root and the "Superuser"
-
- Level 3
- Posts: 110
- Joined: Tue Jun 26, 2007 5:06 am
- Location: Wirral, UK
- Contact:
Re: Linux Kernel Vunerability
Sorry, I don't really understand. When I mark linux-image synaptic doesn't tell me to install anything else, but that feels quite wrong. So I attach a picture of the upgradable kernel packages and if you could tell me what is necessary and useful.Husse wrote:It's only some headers
And it's only if you have more than one user that something bad could happen
But on the other hand we all have at least two users - root and the "Superuser"
Thanks!
Re: Linux Kernel Vunerability
You should use mintUpdate and then you get the right headers