
Linux Vulnerability CVE-2010-3081 – Local but serious


As many of you will no doubt be aware, a vulnerability in 64-bit (x86_64) Linux kernels was announced recently, CVE-2010-3081, that allows an unprivileged local user to gain root. The flaw sits in the kernel's 32-bit compatibility layer, so it affects 64-bit kernels that accept 32-bit system calls. Things like this happen from time to time; the problem at the moment is that many vendors have not yet shipped a kernel with the hole patched. To make things worse, the exploit circulating in the wild also installs a back door into the running system, so a server that was exploited before it was patched can still hand the attacker root afterwards: patching closes the hole, it does not remove the back door. A system that may already have been exploited needs to be checked, not just updated.

Many are saying this is not a major issue because it can only be exploited with a local account on the machine. In a web hosting environment it is bigger than a lot of people realise, because users are allowed to run their own PHP and Perl code and to install third-party scripts, and what we are seeing lately is that many of those user and third-party applications have holes that allow arbitrary code to be executed, or uploaded to the server and then executed. Either way the attacker ends up with the equivalent of a local user account (the web server's user, or the customer's own account, depending on how the server is configured), which is all this kernel bug needs. One of the biggest causes is scripts that let visitors upload images or other files to a website. The vast majority of them never check that what was uploaded really is an image, a PDF or a text file; we have recently seen many such scripts accept a PHP script in place of an image, and once it is sitting in the images directory it can be executed like any other PHP file.
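To make the upload problem concrete, here is an added example (not code from the original post or from any particular third-party script) showing the weak pattern beside a hardened handler for the same `$_FILES` entry. The field name `upload`, the directory paths and the 2 MB limit are assumptions for illustration.

```php
<?php
// Added example, not code from the original post. Two upload handlers for the
// same $_FILES entry: the weak pattern described above and a hardened one.
// $_FILES['upload'], the directory names and the size limit are assumptions.

// Weak: trusts the client's file name and says nothing about the content.
// A request that sends "shell.php" (with Content-Type: image/jpeg) lands in a
// directory the web server executes PHP from, and the attacker has code
// execution as the web server or account user.
function vulnerable_upload(array $file, string $imagesDir): string
{
    $dest = $imagesDir . '/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

// Hardened: type taken from the bytes, extension chosen by the server, random
// name, images re-encoded so nothing but pixel data reaches disk, and a store
// directory outside the document root (or one with PHP execution disabled).
function hardened_upload(array $file, string $storeDir, int $maxBytes = 2097152): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('file too large');
    }

    // 1. Detect the type from magic bytes. $_FILES['type'] is client-supplied,
    //    and the original file name is never used for anything.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif',
                'application/pdf' => 'pdf'];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('type not allowed: ' . $mime);
    }
    $ext = $allowed[$mime];

    // 2. Server-generated name: no user-controlled extension, no double
    //    extensions such as "x.php.jpg", no path traversal.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    if ($ext === 'pdf') {
        // 3a. Cheap structural check, then move. The random .pdf name plus a
        //     no-execute directory means PHP code inside it would never run.
        $head = file_get_contents($file['tmp_name'], false, null, 0, 5);
        if ($head !== '%PDF-') {
            throw new RuntimeException('not a PDF');
        }
        if (!move_uploaded_file($file['tmp_name'], $dest)) {
            throw new RuntimeException('move failed');
        }
        return $dest;
    }

    // 3b. Re-encode images through GD. A valid JPEG with "<?php ... ?>" hidden
    //     in a comment segment or appended after the image data is a polyglot;
    //     decoding and re-encoding keeps only the pixels.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }
    switch ($ext) {
        case 'jpg': $ok = imagejpeg($img, $dest, 90); break;
        case 'png': $ok = imagepng($img, $dest); break;
        default:    $ok = imagegif($img, $dest); break;
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('re-encode failed');
    }
    return $dest;
}

// Usage (assumed field name "upload"; the store directory is outside the web root):
// $path = hardened_upload($_FILES['upload'], '/var/www/example/uploads');
```

Two notes on the design. The re-encode step costs CPU and drops GIF animation, but it is the only step here that defeats a file which is simultaneously a valid image and valid PHP; the magic-byte check alone lets such a polyglot through. Even with the hardened handler, the upload directory should be one the web server will not execute scripts from, for example by keeping it outside the document root or, under Apache with mod_php, by putting `php_flag engine off` in an `.htaccess` file there, so that a second, less careful script on the same account cannot turn it back into a launch pad.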

There is currently a workaround for the specific exploit that is out in the wild, but it does not protect against new exploits that use the same hole. The only complete fix available at the moment appears to be the one from Ksplice.com, which our managed hosting customers will be pleased to know we have been installing on all of your servers for the past few weeks. Our unmanaged customers can also have Ksplice, but unfortunately there is a small charge of £2.50 + VAT per copy. If you would like it installed, please open a ticket with us and we will get it done for you as soon as possible.
