Linode.com Forum

[caker]

The latest stable 2.4 kernel has been made available. This is the most current 2.4 kernel.

Security

This kernel contains the fix for the root exploit that was used to compromise Debian's servers...
Quote:
Full Link Here

Recently multiple servers of the Debian project were compromised using a
Debian developers account and an unknown root exploit. Forensics
revealed a burneye encrypted exploit. Robert van der Meulen managed to
decrypt the binary which revealed a kernel exploit. Study of the exploit
by the RedHat and SuSE kernel and security teams quickly revealed that
the exploit used an integer overflow in the brk system call. Using
this bug it is possible for a userland program to trick the kernel into
giving access to the full kernel address space. This problem was found
in September by Andrew Morton, but unfortunately that was too late for
the 2.4.22 kernel release.

This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
2.6.0-test6 kernel tree. For Debian it has been fixed in version
2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
kernel images and version 2.4.18-11 of the alpha kernel images.

It is not known for certain if this affects UML based kernels, but a reboot is strongly recommended.

Performance

2.4.23 contains improvements over 2.4.22 which affect the performance of swap and memory management. I know some of you have been running 2.4.23-pre8-linode11-5um for some time and have reported improved performance. You should also switch to this kernel, or better yet, select "Latest 2.4 Series".

My hope is that this will improve overall disk I/O performance on the host.

How to Upgrade

See if you're already running 2.4.23-linode16-6um by viewing the output of "uname -a" inside your Linode. If not, follow this procedure:

:arrow: Log into the Linode Platform Manager (LPM)
:arrow: Configuration Profiles --> Click on your configuration profile
:arrow: Make sure the Kernel drop-down has "Latest 2.4 Series" selected and Save
:arrow: Reboot your Linode

Thanks and enjoy!

-Chris

[caker]

Mikegrb informed me of this SecurityFocus link to some test asm code, and indeed it crashed the 2.4.22-linode12-6um kernel, and worked correctly on 2.4.23-linode16-6um. So, it looks like this exploit does affect UML based kernels.

Upgrade now ;)

-Chris

[proane]

I dont know if its just my box or what but, when I was running on 2.4.21, I could login within 5 seconds. Now that I upgraded to the new kernel it takes FOREVER to login. It waits at least 30 seconds before it prompts me for a password.

Kinda wish I hadnt of upgraded, hopefully downgrading to 2.4.21 will fix this.

Just a kind warning for anyone upgrading.

[caker]

I would be careful posting advice such as this -- give it some more time, it could have been anything (network, dns problem, caching, swap, cold-start, host load, etc).

The security vulnerability exists in 2.4.21, too.

-Chris

[rhashimoto]

caker wrote: So, it looks like this exploit does affect UML based kernels.

What about vulnerability of the host kernel? Is this an issue with that as well?

Roy

[Bill Clinton]

rhashimoto wrote:
What about vulnerability of the host kernel? Is this an issue with that as well?


No, that is one of the amazing things about UML.

Bill Clinton

[rhashimoto]

Bill Clinton wrote: rhashimoto wrote:
What about vulnerability of the host kernel? Is this an issue with that as well?


No, that is one of the amazing things about UML.
Hmm. Let's say that someone running a pre-2.4.23 UML kernel gets compromised. This bug provides access to the kernel address space. Isn't the kernel just another user-space process on the host? Why wouldn't it be possible to repeat the exploit from the UML kernel to get access to the host kernel address space?

Roy