-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: Aruba-PSA-2016-011
CVE: CVE-2016-5195
Publication Date: 2016-11-04
Status: Confirmed, Fixed
Revision: 1

Title
=====
"Dirty COW" Linux Kernel Vulnerability (CVE-2016-5195)

Overview
========
A race condition was found in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user can use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Multiple Aruba products are built on top of Linux.

Affected Products
=================
- AirWave (all versions prior to 8.2.3)

Unaffected Products
===================
The following products may contain the kernel vulnerability, but because they do not permit unprivileged local Linux accounts, they are not directly exploitable:

- ClearPass Policy Manager
- ArubaOS (controllers and switches)
- Aruba Instant
- Aruba Central
- ALE

Aruba intends to patch these products through regular maintenance releases. This will be done as part of "defense in depth" security best practice.

The AirWave Management Platform runs as an application on top of a standard CentOS Linux system. Administrators have access to the Linux shell as the "root" user and may create additional Linux shell accounts if desired. If no unprivileged users have been given local Linux accounts on the AirWave system, this vulnerability cannot be exploited. Aruba recommends patching the vulnerability regardless, as part of a "defense in depth" approach.

Resolution
==========
This issue will be resolved in AirWave version 8.2.3, which is scheduled for release in November, 2016.

This issue may also be manually patched through the CentOS operating system. RedHat and the CentOS Project have issued a kernel patch to address CVE-2016-5195. To apply the fix, login to the AirWave server as the "root" user over SSH or through the console and issue the following command:

    yum update --disableexcludes=main kernel

Once the fix has been installed, a reboot of the server is required. From the root shell, issue the command "reboot".

--

If Internet access is not available, the patch may be downloaded, transferred to the system, and applied manually:

1. Download the patch from the following URL (or any other CentOS mirror):
   ftp://195.220.108.108/linux/centos/6.8/updates/x86_64/Packages/kernel-2.6.32-642.6.2.el6.x86_64.rpm

2. Copy the downloaded RPM file to the AirWave server AMP under the /root folder using WinSCP, OpenSSH, or any other SFTP/SCP copy utility.

3. Apply the RPM. From a root shell:

    # rpm -Uvh /root/kernel-2.6.32-642.6.2.el6.x86_64.rpm --nodeps

4. Reboot the server by issuing the "reboot" command from the root shell.

Workarounds
===========
If patching cannot be done immediately, disable unprivileged local Linux accounts temporarily to prevent them from using the vulnerability to escalate privileges.

Note: Accounts created within the AirWave Management Platform are not local Linux accounts - they are contained entirely within the application.

Revision History
================
Revision 1 / 2016-Nov-04 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:

//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to sirt(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:

//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2016 by Aruba, a Hewlett Packard Enterprise company.

This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYHMEXAAoJEJj+CcpFhYbZph8H/1nrFvhGFGpKgs71FrKV1bUl
nSZbPjgQWgXTEhl6rMRpg4qK7x0la5emYAC6+xJc2Hw/MZ0YDCLfpy9zh2fHk+cK
v39VkgwtiUx3mHUog0DvGPNKnSIb6A2cNMrg8u/r0liDea9W3GfAM4/rOr181SkE
C3dkKPB00ITJ7RgQKN2TKqu13Cbd0WOdtDCHo0XyFpo6bTkHajMx2jMizNtNs3o3
0brXiM0twHlAVq05IxcgOexl/j2WrmaRj8WkTzgExQjt4+/bD3FRCYBGk8oFemqw
2OPtbL9XsAufheRyoqWpfIfdyH/6PlcSuCTXiG0+rCCNDnkJxa0QrxDSYoCrjrg=
=Vedq
-----END PGP SIGNATURE-----
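The following script is added here as a worked illustration of the Resolution and Workarounds sections above; it is not part of Aruba's advisory or AirWave. It checks whether a CentOS 6 host is already running a kernel at or above the package version the advisory names (2.6.32-642.6.2.el6) and lists the unprivileged local Linux login accounts that the workaround says to disable until the kernel is updated. The function names, the UID threshold of 500 (the CentOS 6 default for regular users), the locking suggestion (usermod -L) and the passwd lines are assumptions and constructed sample data, not taken from the advisory.

```shell
#!/bin/sh
# Added example, not part of Aruba's advisory: pre/post-patch checks for the
# CVE-2016-5195 ("Dirty COW") fix on a CentOS 6 based AirWave host.

# Kernel package version installed by the advisory's yum/rpm step (from the advisory).
FIXED_KERNEL="2.6.32-642.6.2.el6"

# Lowest UID of ordinary (non-system) users. 500 is the CentOS 6 default;
# assumption, confirm against UID_MIN in /etc/login.defs on the real host.
UID_MIN=500

# Constructed sample passwd data for the demonstration below (not a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
ampadmin:x:500:500:AirWave operator:/home/ampadmin:/bin/bash
backup:x:501:501:nightly backup:/home/backup:/sbin/nologin
contractor:x:502:502::/home/contractor:/bin/sh'

# Compare two RPM-style version strings segment by segment (split on "." and "-").
# Numeric segments compare as numbers, a numeric segment outranks an alphabetic one
# (the rpm rule, so 642.el6 sorts below 642.6.2.el6), other segments compare as
# strings, and a missing segment sorts first. Prints -1, 0 or 1 for $1 older than,
# equal to, or newer than $2.
vercmp() {
    awk -v a="$1" -v b="$2" '
    BEGIN {
        na = split(a, fa, "[.-]"); nb = split(b, fb, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? fa[i] : ""; y = (i <= nb) ? fb[i] : ""
            if (x == y) continue
            xn = (x ~ /^[0-9]+$/); yn = (y ~ /^[0-9]+$/)
            if (xn && yn) r = (x + 0 < y + 0) ? -1 : 1
            else if (xn != yn) r = xn ? 1 : -1
            else r = (x "" < y "") ? -1 : 1
            print r; exit
        }
        print 0
    }'
}

# Succeeds (exit 0) when the given kernel release is at or above FIXED_KERNEL.
# Only meaningful for the CentOS 6 2.6.32 kernel series the advisory covers.
kernel_is_patched() {
    [ "$(vercmp "$1" "$FIXED_KERNEL")" -ge 0 ]
}

# Print local accounts with UID >= UID_MIN and an interactive shell, reading
# passwd-format lines from the file named in $1 (default: standard input).
# These are the "unprivileged local Linux accounts" the workaround applies to.
unprivileged_logins() {
    awk -F: -v min="$UID_MIN" '
    $3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ { print $1 }
    ' "${1:-/dev/stdin}"
}

main() {
    running=$(uname -r)
    if kernel_is_patched "$running"; then
        echo "kernel $running: at or above $FIXED_KERNEL, CVE-2016-5195 fix present"
    else
        echo "kernel $running: older than $FIXED_KERNEL, run the advisory's yum/rpm step and reboot"
    fi
    # usermod -L only locks the password; an account that logs in with SSH keys
    # also needs a nologin shell (usermod -s /sbin/nologin) to be disabled.
    echo "accounts to lock until the fix is installed (usermod -L NAME), from the constructed sample:"
    printf '%s\n' "$SAMPLE_PASSWD" | unprivileged_logins
}

main
```

On a real AirWave host the last step would read the system file instead of the sample, i.e. `unprivileged_logins /etc/passwd`, and the version check would be run again after the reboot the advisory requires, since `uname -r` reports the booted kernel, not the newest installed package.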