EGI CSIRT:Alerts/cve-2009-3547

Revision as of 11:36, 18 December 2010 by Sveng
CVE-2009-3547: 7 days notice to the affected sites before suspension
From: Romain Wartel <Romain.Wartel@cern.ch>
To: "project-eu-egee-roc-security-coordination (EGEE Operational Security Coordination Team)" <project-eu-egee-roc-security-coordination@cern.ch>
Date: Tue Nov 24 10:42:19 2009


Dear all,

As discussed, I think the 50 sites or so still running worker nodes vulnerable to CVE-2009-3547
(trivial root escalation) should be contacted and given 7 days to upgrade, and then be suspended.

Could all the ROC Security Contacts please inform the site CSIRTs and site security contacts of
the affected sites, and ensure action is taken? I suggest using the following template.

As discussed, if a site cannot upgrade (for instance, it still awaits third-party kernel modules) but meets
all the technical criteria to implement the mmap_min_addr workaround (it would be your responsibility to check),
this is of course OK.

-- 
Dear Site security contact and site CSIRT,

Alerts have been sent recently about the critical kernel security vulnerability identified as CVE-2009-3547, for instance:
https://cic.gridops.org/index.php?section=cod&page=broadcast_archive&step=2&typeb=C&idbroadcast=44123

Unfortunately, our monitoring system has detected vulnerable worker nodes at your site, revealing that any malicious
grid job could gain root access on the affected worker nodes. Therefore we would like to ask you to:

- Urgently take action and apply the relevant kernel patches to address the vulnerability
- Report back on the patching status of your site by replying to this email in the NEXT 24 HOURS
- Indicate what process will be implemented to ensure security patches will be applied in a timely manner in
the future, especially when alerted about significant risks by EGEE OSCT security bulletins

If no action is taken urgently on your side, I regret to inform you your SITE will be SUSPENDED in 7 DAYS
from the production grid infrastructure as a precautionary measure.

Please do not hesitate to contact me for additional details, or for any assistance you may need.
--

--
Romain Wartel                                           Romain.Wartel@cern.ch
EGEE Operational Security Coordination Team
C.E.R.N.                                                                http://www.cern.ch/LCG
Information Technology Division         http://www.eu-egee.org/security
Bat.28-R-016                                            http://cern.ch/security
CH-1211 Geneva 23, Switzerland