EGI CSIRT:Alerts/cve-2009-3547
CVE-2009-3547: 7 days notice to the affected sites before suspension

From: Romain Wartel <Romain.Wartel@cern.ch>
To: "project-eu-egee-roc-security-coordination (EGEE Operational Security Coordination Team)" <project-eu-egee-roc-security-coordination@cern.ch>
Date: Tue Nov 24 10:42:19 2009

Dear all,

As discussed, I think the 50 sites or so still running worker nodes vulnerable to CVE-2009-3547 (trivial root escalation) should be contacted and given 7 days to upgrade, and then be suspended.

Could all the ROC Security Contacts please inform the site CSIRTs and site security contacts of the affected sites, and ensure action is taken? I suggest using the following template.

As discussed, if a site cannot upgrade (for instance, still awaits third party kernel modules) but meets all the technical criteria to implement the mmap_min_addr workaround (it would be your responsibility to check), this is of course OK.

--

Dear Site security contact and site CSIRT,

Alerts have been sent recently about the critical kernel security vulnerability identified as CVE-2009-3547, for instance:
https://cic.gridops.org/index.php?section=cod&page=broadcast_archive&step=2&typeb=C&idbroadcast=44123

Unfortunately, our monitoring system has detected vulnerable worker nodes at your site, revealing that any malicious grid job could gain root access on the affected worker nodes.

Therefore we would like to ask you to:

- Urgently take action and apply the relevant kernel patches to address the vulnerability
- Report back on the patching status of your site by replying to this email in the NEXT 24 HOURS
- Indicate what process will be implemented to ensure security patches will be applied in a timely manner in the future, especially when alerted about significant risks by EGEE OSCT security bulletins

If no action is taken urgently on your side, I regret to inform you your SITE will be SUSPENDED in 7 DAYS from the production grid infrastructure as a precautionary measure.

Please do not hesitate to contact me for additional details, or for any assistance you may need.

--
--
Romain Wartel    Romain.Wartel@cern.ch
EGEE Operational Security Coordination Team
C.E.R.N.    http://www.cern.ch/LCG
Information Technology Division    http://www.eu-egee.org/security
Bat.28-R-016    http://cern.ch/security
CH-1211 Geneva 23, Switzerland