CVE-2010-3856

A new glibc exploit has been disclosed under CVE-2010-3856. Unlike the last glibc exploit a few days ago you do not get direct root access, but you can create files/dirs in root owned paths. I expect an update from RedHat with in the next 24 – 48 hours.

I released a glibc update for the last glibc update in a testing repo. It looks like I will be keeping the testing repo for some time. Here is how to get the latest glibc update (a copy of my previous post)

Run /admin/updatefromtesting and there are glibc updates for CentOS 5.

You can get this by running

/admin/upscripts

If you do not have the admin scripts run

rsync -a rsync://mirror.trouble-free.net/admin /admin

Before use, you will need to run either

ln -s /admin/testing.repo /etc/yum.repos.d/testing.repo

or

cp /admin/testing.repo /etc/yum.repos.d/testing.repo

Then run

/admin/updatefromtesting

This repo is not enabled by default. So what is really happening is yum is being called as yum –enablerepo=tf-testing update

The testing repo will stay around for a bit longer. If you are a current InterServer customer please contact support.

I have tested this update on multiple i386 and x86_64 systems and have seemed it stable. However, using the testing repo is not an official update from RedHat or CentOS.

The repo, including srpm, is at http://mirror.trouble-free.net/tf/testing/5.5/

CVE-2010-3847

There is a new linux root exploit through glibc CVE-2010-3847. This exploit can be used to gain root access by a “local user”. Of course, being in the web hosting industry a local user can be an exploitable script, a customer, a php or cgi shell and on and on. Affected are RHEL and CentOS 5.

No glibc update has been released yet by RedHat.

I have released a new admin script and a testing repo on the InterServer yum repo. The admin script is /admin/updatefromtesting and there are glibc updates for CentOS 5.

You can get this by running

/admin/upscripts

If you do not have the admin scripts run

rsync -a rsync://mirror.trouble-free.net/admin /admin

Before use, you will need to run either

ln -s /admin/testing.repo /etc/yum.repos.d/testing.repo

or

cp /admin/testing.repo /etc/yum.repos.d/testing.repo

Then run

/admin/updatefromtesting

This repo is not enabled by default. So what is really happening is yum is being called as yum –enablerepo=tf-testing update

Future updates will not use this repo. In fact, I do not have plans on keeping the testing repo – we will see.

I expect the glibc update from redhat to apply over the testing repo. However this is glibc, so use at your own risks. If you are an InterServer customer contact support for help with this update.

I have tested the update on multiple servers and have build for i386 and x86_64.

The repo, including srpm, is at http://mirror.trouble-free.net/tf/testing/5.5/