New kernel exploit & Linode - DON'T TRY IT!

You may have heard of the new kernel exploit that recently became public.

I just tried the exploit code on the Linode to see if it was vulnerable. It doesn't give me a root login, but it does hang the "machine", pretty hard, too. Took a few minutes for the Lish-initiated reboot to take effect; I thought I was going to have to file a support ticket.

Best case scenario seems to be a graceless shutdown, so I would have to stamp it Not Recommended.

11 Replies

Yea… Listen to what he said… Because…. yea…

--Xel

As soon as the kernel devs settle on a fix, I'll be releasing new kernels…

-Chris

One of the 'exploits' patches it :)

Find it in the Debian bug ticket

I believe GKH just committed the fix for this into 2.6.24.2:

http://www.linode.com/forums/viewtopic.php?t=3104

-Chris

(asking maybe a stupid question)

How can I upgrade to the latest 2.6.24.2 without recompiling the kernel myself?

You can select what kernel you're booting in your profile config in LPM (the members section of linode.com).

-erik

Thought so, but my latest 2.6 series is 2.6.18.8 (domU linode5).

Ahh - you're on Xen. The kernel caker just released was a UML kernel. I haven't heard when the Xen kernel will be updated.

Considering the big impact of this exploit, it would be great to have one also on Xen :)

For you Xen people:

http://www.linode.com/forums/viewtopic.php?t=3105

-Chris
