Safe to assume that systems that use the ASL kernel are not impacted by the 'Dirty Cow' escalation (CVE-2016-5195)? Noticed a new ASL kernel out for a 6.x box (3.2.69-82) but not an older 5.x box (still running 3.2.69-81) so was wondering if related or coincidental. Assuming that -81 is fine but figured to ask JIC.
Thanks.
Kernel Question
Re: Kernel Question
The ASL kernels previous to 3.2.69-82 are vulnerable to CVE-2016-5195.
The 82-release specifically contains the patch that fixes this vulnerability.
The 82-release specifically contains the patch that fixes this vulnerability.
Lemonbit Internet Dedicated Server Management
Re: Kernel Question
prupert:
Thank you.
Scott/Mike:
What's the ETA on the RHEL/CentOS 5.x kernel update?
Thank you.
Scott/Mike:
What's the ETA on the RHEL/CentOS 5.x kernel update?
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Kernel Question
Its in final QA, as an aside, if you put your users in the "untrusted" group, that exploit wont work regardless of what ASL kernel you are using.
http://wiki.atomicorp.com/wiki/index.ph ... STED_USERS
Alternatively, you can switch the logic in ASL to define a trusted group, and then all your users are untrusted by default.
http://wiki.atomicorp.com/wiki/index.ph ... OUP_POLICY
Either way, if you are using that feature, even if the kernel is not patched for this they wont be able to run the exploit on your system. In general, I recommend you use TPE, because its entire focus is to prevent users from uploading code and running it on your system. Web users shouldnt be uploading binaries anyway, so its impact on web users should be very minimal (and you can always tell the system to trust either that user, or just the app they uploaded). This will protect you from future vulnerabilities, regardless of the state of the kernel. If they cant run the exploit, its moot.
http://wiki.atomicorp.com/wiki/index.ph ... STED_USERS
Alternatively, you can switch the logic in ASL to define a trusted group, and then all your users are untrusted by default.
http://wiki.atomicorp.com/wiki/index.ph ... OUP_POLICY
Either way, if you are using that feature, even if the kernel is not patched for this they wont be able to run the exploit on your system. In general, I recommend you use TPE, because its entire focus is to prevent users from uploading code and running it on your system. Web users shouldnt be uploading binaries anyway, so its impact on web users should be very minimal (and you can always tell the system to trust either that user, or just the app they uploaded). This will protect you from future vulnerabilities, regardless of the state of the kernel. If they cant run the exploit, its moot.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Kernel Question
Thanks for the update.
Re: Kernel Question
Kernel 3.2.69-82 is now available for EL5 platforms
Lemonbit Internet Dedicated Server Management