
From: Michal Ludvig (michal_at_logix.cz)
Date: Fri 13 May 2005 - 03:43:50 BST


Herbert Poetzl wrote:
> On Thu, May 12, 2005 at 01:43:09PM +0200, Oliver Welter wrote:
>
>>serious problem:
>>I read about the new BufferOverflow in the kernel's ELF Loader - it
>>seems that an unprivileged attacker can start a process in the kernel's
>>context..
>
>
> details?
>
> - which issue?

Core dump privilege escalation.
http://isec.pl/vulnerabilities/isec-0023-coredump.txt

> - what kernels are affected?

Almost all 2.2, 2.4, 2.6 up to the *most* recent.

> - what does the 'exploit' look like?

A specially crafted ELF binary can be used to overwrite kernel memory on
coredump.

>>Is it possible to break out of a vServer with this Bug ?
>
> depends, if you can create kernel processes, they
> certainly can circumvent _any_ kernel side protection
> so if done probably, I'd say so ...

Probably yes. Hotfix as suggested by the paper: disable coredumps.

Michal Ludvig

-- 
* Personal homepage: http://www.logix.cz/michal
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
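
The hotfix named in the message above is to disable coredumps. As an added example (not part of the original post or of the referenced paper), this script checks that the core-size limit is 0 for both the soft and the hard value, since a process may raise a soft limit of 0 again up to a non-zero hard limit. It assumes the /proc/<pid>/limits layout of current Linux kernels; the function names and the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example: check whether core dumps are really off for a process.
# Input is text in the /proc/<pid>/limits layout (assumed: a current Linux kernel).

# Classify the "Max core file size" line read from stdin:
#   disabled  soft and hard limit are both 0
#   raisable  soft limit is 0, hard limit is not: the process can raise it again
#   enabled   soft limit is non-zero, a core file can be written
#   unknown   the line is missing from the input
core_limit_status() {
    awk '
        /^Max core file size/ { soft = $5; hard = $6; seen = 1 }
        END {
            r = "unknown"
            if (seen) r = "enabled"
            if (seen && soft == "0") r = "raisable"
            if (seen && soft == "0" && hard == "0") r = "disabled"
            print r
        }'
}

# Report the status of a running process by PID.
audit_pid() {
    if [ -r "/proc/$1/limits" ]; then
        core_limit_status < "/proc/$1/limits"
    else
        echo unknown
    fi
}

# Constructed sample input; $1 = soft limit, $2 = hard limit.
sample_limits() {
    cat <<EOF
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max core file size        $1                    $2            bytes
Max open files            1024                 4096                 files
EOF
}

# Usage: sh script.sh PID...   (no arguments: nothing is audited)
for pid in "$@"; do
    printf '%s\t%s\n' "$pid" "$(audit_pid "$pid")"
done
```

A result of "raisable" means `ulimit -c 0` was applied only as a soft limit; setting the hard limit as well (`ulimit -H -c 0` in the shell that starts the service) closes that gap.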


Generated on Fri 13 May 2005 - 03:44:21 BST by hypermail 2.1.3