Urgent and Important: Security fault

Ik was er inmiddels achter via dit tooltje https://www.ksplice.com/uptrack/cve-2010-3081

dat deze exploit niet (meer) werkt op deze kernel

Kan iemand zeggen of CVE-2010-3081 hiermee ook gefixt is?

Dit artikel geeft info over beide exploits:
http://blog.rack911.com/tag/cve-2010-3301
Heb ik dan die laatste patch?

Hello,
IF
you have a dedicated server
AND
it runs on Linux
AND
He is 64-bit
THEN
your server is hackable!

You NEED to update it! Do not wait!

The exploit, which provides the root is publicly
available.

What to do?
------------
Must update the kernel of your server.

How?
---------
- If you are in "total security":
you received an email from planning reboot
server, you have nothing to do

- If you are in "netboot" / RPS / Cloud:
just reboot your server.

- If you're kernel Manual ":
you have the new kernels
ftp://ftp.ovh.net/made-in-ovh/bzImage/
is the bzImage-2.6.34.6-xxxx

- If you compile:
on kernel.org sources are vulnerable. Must
patch. Only 2.6.36-RC4 is patched. (To be confirmed,
we were quickly checked).

After setting up the kernel you should see this:
* # Uname-a
XXXXXXX Linux 2.6.34.6-xxxx-std-ipv6-64 # 3 SMP Fri September 17
^^^^^^^^

We must see 2.6.34.6.

PS. Now there is only one nucleus (IPv4 IPv6)
named bzImage-xxxx-xxxx-ipv6

Detail:
-------
A security vulnerability (CVE-2010-3301) to obtain
local root privilege has been (re) discovery
at the 32bit emulation on 64bit systems.

All 64bit kernels since 2.6.27 are vulnerable.

For history, the flaw was fixed in 2007
2.6.22.7 (CVE-2007-4573), but regression occurred
in 2008.

[Explanations and achievement: http://sota.gen.nz/compat2/]

Regards
Octave

---------

Even upgraden dan maar

Hello,

IF

you have a dedicated server

AND

it uses Linux

AND

it is 64-bit

THEN

your server is hackable !!!

You NEED to update it!! Do not wait!!!

The exploit providing the root is publicly available.

What to do?
------------
You must update the kernel of your server.

How ?
---------
- if you are in "total security":
You have received an email planning a reboot of the server, you have nothing to do

- If you are in "netboot" / RPS / Cloud:
just reboot your server.

- If you're "Manual kernel":
you have the new kernels on
ftp://ftp.ovh.net/made-in-ovh/bzImage/
It is the bzImage-2.6.34.6-xxxx

- if you compile:
the sources on kernel.org are vulnerable. It must be patched. Only 2.6.36-RC4 is patched. (To be confirmed, we are quickly checking).

After setting up the kernel you should see this:
#*uname -a
Linux XXXXXXX 2.6.34.6-xxxx-std-ipv6-64 #3 SMP Fri Sep 17
^^^^^^^^

We must see 2.6.34.6.

PS. Now there is only one kernel (IPv4 + IPv6) called bzImage-xxxx-ipv6-xxxx

Detail:
-------

to obtain local root privileges just

A security fault (CVE-2010-3301) allowing the obtaining locally of root privileges to be (re)discovered for 32-bit emulation on the 64-bit systems.

All 64-bit kernels since 2.6.27 are vulnerable.

For history, the flaw had been fixed in 2007 in the 2.6.22.7 (CVE-2007-4573), but a decline occurred in 2008.

[explications and exploit: http://sota.gen.nz/compat2/]

All the best,
Octave