cPanel Security Advisory: CVE-2010-3081

A Linux Kernel Exploit has been released that directly impacts all 64-bit kernels.   It is highly recommended you review the links below to gather more information on this exploit.

cPanel is providing this as information only.  The scope of support that is provided with cPanel/WHM does not include security related operating system support.    Please seek the advice of an expert if you are unsure or have further questions about the workaround or exploit.

This only affects x86_64 machines. Please ignore this message if you are running a i386/32-bit only machine

The below is a temporary workaround for the recent local root security hole in the Linux kernel. This workaround will adversely affect some systems. A partial list of this adverse reactions is listed below. Please think carefully, and seek the advise of an expert if you are unsure if you should apply this workaround. As soon is it becomes available and deemed stable for use, you should get an updated kernel from your Linux kernel vendor.

cPanel/WHM specific items to be aware of.

The below patch will break anything that requires 32-bit compatibility mode. cPanel does distribute true 64 bit binaries. In theory most things should be fine.

echo ':32bits:M:0:x7fELFx01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register

In testing we have found that most things work just fine, however the following issues were discovered:

  • Both courier and MySQL are recompiled from source rather than being installed via RPM. This issue is resolved and will be available in the next 11.27 build. For your convenience we also provide a patch for this, attached to this advisory. To apply this patch:
    • Download the patch to your server
    • Execute the path command via SSH like:
      patch -p0 < courierup-mysqlup-32bitdisabled.patch.txt

Note: if the patch file is not in your current directory you will need to provide the full path to it when passing it to the patch command

  •  Frontpage will not function at all
  • 3rd party 32-bit binary-only Apache and PHP modules may not function properly

References:
http://forums.cpanel.net/f185/x86_64-kernel-exploit-165758.html#post692222
https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml

Posted in: News, Security | Tagged: