> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
>
> I'm surprised there is no discussion about "CVE-2009-2692 local root
> vulnerability, exploits in the wild" going on. Given our current down
> state we are considering turning off our UI access over the weekend
> while we consider our next move.
>
> What are others doing?
>
Investigating, mostly. So far I've set the Oxford queues to drain so that
when there is a kernel update available we'll be quiet enough to reboot
most of the WNs into it quickly without too much collateral damage to
running jobs. In the meantime a few quick tests suggest that the published
exploit works on SL4 with SELinux either enabled or disabled, and SL5 with
SELinux enabled (yes, somewhat ironic after yesterday's discussion).

The Red Hat bug report for this:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692
has a workaround that looks suitable for deployment to a running system;
it essentially consists of disabling the loading of the vulnerable kernel
modules, which should, I think, be harmless, but I've not tried it as yet.

Ewan
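
One way to check on a node that a "disable module loading" workaround of the kind described above is actually in effect, as an added example that is not part of the original email or the Red Hat bug report. It assumes the workaround is deployed as modprobe `install <module> /bin/true` lines; the module names are placeholders, and the real list has to come from the bug report.

```shell
#!/bin/sh
# Added example: audit a modprobe-based "do not load this module" workaround.
# Assumption: the block is written as "install MODULE /bin/true" (or /bin/false),
# which makes modprobe run that command instead of loading the module.
# A module that is already loaded stays loaded until it is removed or the
# node reboots, so both conditions are checked.

# is_blocked MODULE CONF...: succeeds if any readable config file blocks MODULE.
is_blocked() {
    mod=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v m="$mod" '
            BEGIN { gsub(/-/, "_", m) }          # modprobe treats - and _ alike
            /^[ \t]*#/ { next }                  # skip commented-out lines
            $1 == "install" && ($3 == "/bin/true" || $3 == "/bin/false") {
                n = $2; gsub(/-/, "_", n)
                if (n == m) found = 1
            }
            END { exit (found ? 0 : 1) }' "$f" && return 0
    done
    return 1
}

# is_loaded MODULE PROC_MODULES: succeeds if MODULE is listed as loaded.
is_loaded() {
    awk -v m="$1" 'BEGIN { gsub(/-/, "_", m) } $1 == m { found = 1 }
                   END { exit (found ? 0 : 1) }' "$2"
}

# module_status MODULE PROC_MODULES CONF...: prints one of
#   ok | unblocked | loaded-and-blocked | loaded-and-unblocked
module_status() {
    mod=$1; proc=$2; shift 2
    if is_blocked "$mod" "$@"; then b=blocked; else b=unblocked; fi
    if is_loaded "$mod" "$proc"; then echo "loaded-and-$b"
    elif [ "$b" = blocked ]; then echo ok
    else echo unblocked
    fi
}

# CLI: sh check.sh MODULE...   (checks the live system)
if [ "$#" -gt 0 ]; then
    for m in "$@"; do
        printf '%s: %s\n' "$m" \
            "$(module_status "$m" /proc/modules /etc/modprobe.conf /etc/modprobe.d/*)"
    done
fi
```

Only `ok` means the module is both absent from the running kernel and prevented from loading; `loaded-and-blocked` means the config change is in place but the module was already loaded when it was applied.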