Kernel Vulnerability in Elastix 2.0.1

wavesound

Joined
Sep 21, 2009
Messages
3
Likes
0
Points
0
#1
There's a serious vulnerability in the Linux kernel shipped with Elastix 2.0.0, 2.0.1 and potentially 1.6. This vulnerability would allow users to elevate themselves to the root console...

http://bugs.centos.org/view.php?id=4518

Will we be seeing a new kernel in the yum repository or should we plan to patch this manually?
 

doncipo

Joined
Jun 3, 2010
Messages
18
Likes
0
Points
0
#2
I think you guys should really consider upgrading the kernel to the latest CentOS kernel version for Elastix 1.5, 1.6 and 2.0, or at least publish a "howto build Elastix updated kernel from source".
 

Lee Sharp

Joined
Sep 28, 2010
Messages
332
Likes
0
Points
0
#3
I am lost... This seems to only be on the 2.6.18 branch, and Elastix 2.0.x is on the 2.6.32 branch. I can find no links to this vulnerability on 2.6.32... Am I wrong?
 

rafael

Joined
May 14, 2007
Messages
1,454
Likes
1
Points
0
#4
Hi guys, can you please post this in the bug track system?
http://bugs.elastix.org

Developers are not here most of the time, but they must read the bug tracker every time.

regards,

Rafael
 

doncipo

Joined
Jun 3, 2010
Messages
18
Likes
0
Points
0
#5

Lee Sharp

Joined
Sep 28, 2010
Messages
332
Likes
0
Points
0
#6
Are there? Can you show me a link that talks about this vuln in the 2.6.32 branch?
 

wavesound

Joined
Sep 21, 2009
Messages
3
Likes
0
Points
0
#7
Ubuntu 10.04 LTS:
linux-image-2.6.32-24-386 2.6.32-24.43
linux-image-2.6.32-24-386-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-generic 2.6.32-24.43
linux-image-2.6.32-24-generic-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-generic-pae 2.6.32-24.43
linux-image-2.6.32-24-generic-pae-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-ia64 2.6.32-24.43
linux-image-2.6.32-24-ia64-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-lpia 2.6.32-24.43
linux-image-2.6.32-24-lpia-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-powerpc 2.6.32-24.43
linux-image-2.6.32-24-powerpc-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-powerpc-smp 2.6.32-24.43
linux-image-2.6.32-24-powerpc-smp-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-powerpc64-smp 2.6.32-24.43
linux-image-2.6.32-24-powerpc64-smp-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-preempt 2.6.32-24.43
linux-image-2.6.32-24-preempt-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-server 2.6.32-24.43
linux-image-2.6.32-24-server-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-sparc64 2.6.32-24.43
linux-image-2.6.32-24-sparc64-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-sparc64-smp 2.6.32-24.43
linux-image-2.6.32-24-sparc64-smp-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-versatile 2.6.32-24.43
linux-image-2.6.32-24-versatile-dbgsym 2.6.32-24.43
linux-image-2.6.32-24-virtual 2.6.32-24.43
http://www.ubuntu.com/usn/usn-988-1
 

Lee Sharp

Joined
Sep 28, 2010
Messages
332
Likes
0
Points
0
#8
I stand corrected. Good find!
 

doncipo

Joined
Jun 3, 2010
Messages
18
Likes
0
Points
0
#9
Why is this bug taking so long to solve? Building a new kernel should be a relatively simple task.
 

doncipo

Joined
Jun 3, 2010
Messages
18
Likes
0
Points
0
#10
Yet another important kernel security update issued by RedHat http://rhn.redhat.com/errata/RHSA-2010-0792.html

=======================================================================

This update fixes the following security issue:

* The rds_page_copy_user() function in the Linux kernel Reliable Datagram
Sockets (RDS) protocol implementation was missing sanity checks. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3904, Important)

========================================================================

The actual Elastix kernel is looking like schweitzer cheese :D

C'mon guys, this is getting frustrating!
 

donhwyo

Joined
Aug 8, 2008
Messages
293
Likes
0
Points
0
#11
Lee Sharp said:
I am lost... This seems to only be on the 2.6.18 branch, and Elastix 2.0.x is on the 2.6.32 branch. I can find no links to this vulnerability on 2.6.32... Am I wrong?
You must be rolling your own.

uname -r 2.6.18-164.el5 for 1.6x

uname -r 2.6.18-194.3.1.el5 for 2.x

uname -r 2.6.18-194.17.4.el5 for plain CentOS

Don
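A quick defender-side check for the situation this thread describes, added here as an example and not code from the thread or from the Elastix project: compare the kernel release reported by uname -r (the EL-style strings posted above, e.g. 2.6.18-194.3.1.el5) numerically, field by field, against the first release that carries a given fix. The fixed release used as the threshold below is an assumption taken from the "plain CentOS" uname output in the previous post; confirm the real value against the RHSA text before relying on it.

```shell
#!/bin/sh
# Added example: is the running EL kernel older than the release that carries a fix?

# Turn "2.6.18-194.17.4.el5" into "2 6 18 194 17 4": drop the dist tag, treat '.' and '-'
# as separators, and discard any non-numeric flavour words (e.g. "generic", "xen").
kver_fields() {
    printf '%s\n' "$1" \
      | sed -e 's/\.el[0-9]*.*$//' -e 's/[.-]/ /g' -e 's/[^0-9 ]//g' \
      | tr -s ' '
}

# kver_older A B: exit status 0 if release A is strictly older than release B.
# Missing trailing fields count as 0, so "2.6.18-164" < "2.6.18-194.17.4".
kver_older() {
    a=$(kver_fields "$1")
    b=$(kver_fields "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        # advance to the next field; the last field has no space after it
        case $a in *' '*) a=${a#* } ;; *) a= ;; esac
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac
        [ -z "$x" ] && x=0
        [ -z "$y" ] && y=0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal
}

# ASSUMPTION: threshold taken from the thread's "plain CentOS" uname -r output.
# Replace with the kernel version named in the advisory you are checking against.
FIXED_RELEASE="2.6.18-194.17.4.el5"

# check_kernel [RELEASE]: report on RELEASE (default: the running kernel).
# Exit status 0 = at or after the fixed release, 1 = older and still exposed.
check_kernel() {
    running=${1:-$(uname -r)}
    if kver_older "$running" "$FIXED_RELEASE"; then
        echo "EXPOSED: $running is older than $FIXED_RELEASE"
        return 1
    fi
    echo "OK: $running is at or after $FIXED_RELEASE"
    return 0
}

# Usage: sh kcheck.sh            (checks the running kernel)
#        sh kcheck.sh 2.6.18-194.3.1.el5
if [ $# -gt 0 ]; then
    check_kernel "$1"
fi
```

Run with no arguments on the Elastix box to test the live kernel, or pass a release string to test the values posted in the thread; the exit status makes it usable from a cron job or a monitoring check.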
 
