cPanel Security Update:  Linux Kernel Vulnerability

Recently, a local vulnerability has been discovered that affects all Linux kernels released since early 2001.

In short, there was a NULL pointer dereference in the kernel, which a user can map at address zero in order to bypass mmap_min_addr. This allows malicious users to execute shell code which, in turn, grants the user a root shell.

This vulnerability is covered in length at the following sites:
http://www.securityfocus.com/bid/36038
https://bugzilla.redhat.com/show_bug.cgi?id=516949

You can see many other references here:
http://www.securityfocus.com/bid/36038/references

Fix for cPanel Servers
In the tickets we have received so far, an insecure PHP script was almost always remotely exploited to give a hacker the rights of the user owning the site or script. Once that was done, the hacker gained shell access and ran any of a variety of shell exploit scripts available on the Internet.

For the majority of our clients, if yum is working correctly on the server, running the ‘yum update’ command will, in fact, download and install the new kernel.* However, the server administrator must reboot the server in order for the new kernel to be put in place. This step is essential and should fix the problem for RHEL 3, 4, and 5, Fedora 10 and 11, and CentOS 3, 4, and 5.

*Note: If yum install fails with the following message:

Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
...
TypeError: unsubscriptable object

you may be able to resolve the issue, and continue installation, by running the yum clean all command.

Posted in: News, Security | Tagged: