New critical sudo vulnerability - CVE-2021-3156


Re: New critical sudo vulnerability - CVE-2021-3156

Post by TrevorH » 2021/03/05 17:40:23

Sorry, you may not like it but it's the way that it is and you have to work out how to work around this. CentOS 6 is dead and there will be no more updates for it. Since the alternative to replacing CentOS 6 is to have live, exploitable code running on your servers, that is not an alternative. You have to do something.

My own personal thoughts are that with hardware of that age, it's probably burning electricity at a rate that means that within a year or so, you could pay for an entirely new replacement low-energy machine that will most likely be more compute powerful than whatever old clunker you're running now. Not to mention that old machines have parts that fail more often.

Your alternative is to set up your own build environment and start learning how to patch things. And that will be difficult - to use the sudo example, the patch for CentOS 7 does not apply to the sudo code from CentOS 6. It tries to patch several non-existent files and fails. So you're going to need at least a passing familiarity with C coding and then you're going to need to work out how to back port those el7 patches to el6 and, by the sounds of it, el5 which is hideously out of date and insecure.

Failing all that, you'll have to find a distro that runs antiquated packages and libraries on which you can run your old out of date applications.

Did you even try running them on a modern distro?
Sometimes we just need an answer to our question, even if that answer is "I don't know" or "that is not possible".
OK. That is not possible.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
