CVE-2010-3847

There is a new linux root exploit through glibc CVE-2010-3847. This exploit can be used to gain root access by a “local user”. Of course, being in the web hosting industry a local user can be an exploitable script, a customer, a php or cgi shell and on and on. Affected are RHEL and CentOS 5.

No glibc update has been released yet by RedHat.

I have released a new admin script and a testing repo on the InterServer yum repo. The admin script is /admin/updatefromtesting and there are glibc updates for CentOS 5.

You can get this by running

/admin/upscripts

If you do not have the admin scripts run

rsync -a rsync://mirror.trouble-free.net/admin /admin

Before use, you will need to run either

ln -s /admin/testing.repo /etc/yum.repos.d/testing.repo

or

cp /admin/testing.repo /etc/yum.repos.d/testing.repo

Then run

/admin/updatefromtesting

This repo is not enabled by default. So what is really happening is yum is being called as yum –enablerepo=tf-testing update

Future updates will not use this repo. In fact, I do not have plans on keeping the testing repo – we will see.

I expect the glibc update from redhat to apply over the testing repo. However this is glibc, so use at your own risks. If you are an InterServer customer contact support for help with this update.

I have tested the update on multiple servers and have build for i386 and x86_64.

The repo, including srpm, is at http://mirror.trouble-free.net/tf/testing/5.5/

Leave a Reply

Your email address will not be published. Required fields are marked *