From: Michal Ludvig (michal_at_logix.cz)
Date: Fri 13 May 2005 - 03:43:50 BST
Herbert Poetzl wrote:
> On Thu, May 12, 2005 at 01:43:09PM +0200, Oliver Welter wrote:
>
>>serious problem:
>>I read about the new buffer overflow in the kernel's ELF loader - it
>>seems that an unprivileged attacker can start a process in the kernel's
>>context..
>
>
> details?
>
> - which issue?
Core dump privilege escalation.
http://isec.pl/vulnerabilities/isec-0023-coredump.txt
> - what kernels are affected?
Almost all 2.2, 2.4, 2.6 up to the *most* recent.
> - how does the 'exploit' look like?
Specially crafted ELF binary can be used to overwrite kernel memory on
coredump.
>>Is it possible to break out of a vServer with this Bug ?
>
> depends, if you can create kernel processes, they
> certainly can circumvent _any_ kernel side protection
> so if done properly, I'd say so ...
Probably yes. Hotfix as suggested by the paper: disable coredumps.
Michal Ludvig
--
* Personal homepage: http://www.logix.cz/michal

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
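The hotfix Michal points to is to disable core dumps, which works because the overwrite happens in the kernel's core-dump path, so a process that is never dumped never reaches it. Below is an added POSIX shell example (written for this page, not code from the thread or from the Linux-VServer project) that pins the hard RLIMIT_CORE of the current shell to 0, verifies it, demonstrates that a crashing child then leaves no core file behind, and prints the limits.conf stanza that applies the same hard limit to every login. The function names and the use of a temporary directory for the crash test are this example's own choices; the limits.conf syntax is the standard pam_limits format.

```shell
#!/bin/sh
# Added example: disabling core dumps as a stop-gap for the ELF core-dump bug.
# All function names here are this example's own (not from the mailing list).

# Set the *hard* core-size limit to 0 for this shell and everything it spawns.
# A hard limit cannot be raised again by an unprivileged process, so a child
# cannot simply run "ulimit -c unlimited" to re-enable dumping.
disable_core_dumps() {
    ulimit -H -c 0
}

# Return 0 (true) when the hard core-size limit is 0, i.e. dumps are off.
core_dumps_disabled() {
    lim=$(ulimit -H -c)
    [ "$lim" = "0" ]
}

# Demonstrate the effect: a child that inherits the limit and then dies with
# SIGSEGV (a core-dumping signal) must leave no core file in its cwd.
# With RLIMIT_CORE == 0 the kernel never enters the ELF core-dump code at all.
demo_no_core_file() {
    d=$(mktemp -d) || return 1
    # $$ inside "sh -c" is the child's own PID; "|| true" because the child
    # exits by signal and we do not want "set -e" to abort on that.
    ( cd "$d" && sh -c 'ulimit -H -c 0; kill -SEGV $$' ) || true
    n=$(find "$d" -name 'core*' | wc -l)
    rm -rf "$d"
    [ "$n" -eq 0 ]
}

# Stanza for /etc/security/limits.conf (pam_limits) that gives every user a
# hard core limit of 0 at login. Printed rather than written so the example
# runs without privileges; pipe it into the file yourself if you want it.
limits_conf_snippet() {
    cat <<'EOF'
# disable core dumps for all users (hotfix for kernel core-dump overwrite)
*       hard    core    0
EOF
}

# Stand-alone usage: apply, verify, show the crash test and the config stanza.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "dash" ] && [ "${0##*/}" != "bash" ]; then
    disable_core_dumps
    if core_dumps_disabled; then
        echo "hard core limit is 0 (core dumps disabled)"
    else
        echo "WARNING: hard core limit is $(ulimit -H -c)"
    fi
    demo_no_core_file && echo "crashing child produced no core file"
    limits_conf_snippet
fi
```

Note that a per-shell `ulimit` only protects that process tree; for the fix to cover an untrusted guest you need the hard limit applied at login (the limits.conf stanza) or in whatever starts the guest's processes, and processes that were already running with a non-zero limit keep it until restarted.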