A recent article on Linux security showed that an old backdoor (CVE-2007-4573), patched in kernel 2.6.22.7, has resurfaced.
Using the leak, any user that has a local user account on a 64-bit server can easily get root rights using the compatibility layer. While I don't fully understand the workings, I do understand that all OEL4/OEL5 64-bit servers are potentially harmed, as they have kernels 2.6.9 and 2.6.18, respectively. So I logged an SR on Metalink to see if I have a big security issue in the data center.
Update: CVE-2007-4573 has been renamed CVE-2010-3301 and RHEL states:
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not contain the upstream commit d4d67150 that introduced this flaw.
Update2: the issue is also listed as CVE-2010-3081, which is slightly different and Red Hat does track this one, as it affects RHEL5.
Update3: Ksplice has a test available to verify your system does not leave backdoors open, even after patching the exploit. Red Hat has issued a patch for its affected 64-bit systems.