Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: SME Kernel Vulnerabilities
« previous next »
Pages: [1]   Go Down

SME Kernel Vulnerabilities

  • 3 Replies
  • 1261 Views

Hilton Travis

SME Kernel Vulnerabilities
« on: January 06, 2004, 10:39:40 AM »
Hi All,

Since the release of the latest SME 5.6 Updates and the SME 6.0 final release there have been vulnerabilities found in the kernel.  I am wondering when Mitel is going to be releasing updates to the kernels in these Mitel releases.

My e-smith box is behind a firewall, but the number of boxes out there acting as a firewall and file server would make these vulnerabilities a possibly critical threat to the security of these boxes/networks.

Alternatively (and preferably), if the .config file for the default kernel and a list of any modifications to the standard kernel source was published, it would make it easy for your users to patch their systems while they are waiting for an official release from Mitel.

Regards,
HiltonT
Logged

Charlie Brady

Re: SME Kernel Vulnerabilities
« Reply #1 on: January 06, 2004, 05:44:25 PM »
Hilton Travis wrote:

> Since the release of the latest SME 5.6 Updates and the SME
> 6.0 final release there have been vulnerabilities found in the
> kernel.

All of those vulnerabilites are only exploitable by local users who are permitted to run arbitrary programs. The SME server configuration has only one such user (root - i.e. you).

> I am wondering when Mitel is going to be releasing
> updates to the kernels in these Mitel releases.

Mitel has never built their own kernels, but has always used RedHat RPMs unmodified.

> My e-smith box is behind a firewall, but the number of boxes
> out there acting as a firewall and file server would make these
> vulnerabilities a possibly critical threat to the security of
> these boxes/networks.

The existance or otherwise of a separate firewall is very unlikely to be an issue - it would only be an issue if there were remotely exploitable vulnerabilities in netfilter.

> Alternatively (and preferably), if the .config file for the
> default kernel and a list of any modifications to the standard
> kernel source was published, ...

It is, in the source RPM for the kernel, available from multiple mirror sites. All SME server source code is, and always has been, published, in source RPM form.

Regards

Charlie
Logged

Anonymous

Re: SME Kernel Vulnerabilities
« Reply #2 on: January 06, 2004, 07:40:27 PM »
If I want to upgrade my kernel anyway, can I upgrade it ? Any potential trouble ?
Logged

Hilton Travis

Re: SME Kernel Vulnerabilities
« Reply #3 on: January 07, 2004, 10:21:25 AM »
Hi,

You can try.  I tried a number of times, and a number of ways.  All went BANG! to some degree, and ALL resulted in a non-working SME once booting into the new kernel.

At least you can boot back into the original kernel thanks to our old friend lilo!  :)

Regards,
HiltonT
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: SME Kernel Vulnerabilities