From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 13 May 2005 - 06:34:59 BST
On Fri, May 13, 2005 at 02:43:50PM +1200, Michal Ludvig wrote:
> Herbert Poetzl wrote:
> > On Thu, May 12, 2005 at 01:43:09PM +0200, Oliver Welter wrote:
> >
> >>serious problem:
> >>I read about the new BufferOverflow in the kernel's ELF Loader - it
> >>seems that an unprivileged attacker can start process in the kernels
> >>context..
> >
> >
> > details?
> >
> > - which issue?
>
> Core dump privilege escalation.
> http://isec.pl/vulnerabilities/isec-0023-coredump.txt
>
> > - what kernels are affected?
>
> Almost all 2.2, 2.4, 2.6 up to the *most* recent.
>
> > - how does the 'exploit' look like?
>
> Specially crafted ELF binary can be used to overwrite kernel memory on
> coredump.
>
> >>Is it possible to break out of a vServer with this Bug ?
> >
> > depends, if you can create kernel processes, they
> > certainly can circumvent _any_ kernel side protection
> > so if done probably, I'd say so ...
>
> Probably yes. Hotfix as suggested by the paper: disable coredumps.

yup, but better upgrade to 2.6.11.9-vs2.0-rc1 ;)

best,
Herbert
> Michal Ludvig
> --
> * Personal homepage: http://www.logix.cz/michal
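The hotfix quoted above is "disable coredumps". The following shell snippet is an added example, not code from the thread, the isec advisory or the Linux-VServer project: it applies that hotfix to the current shell (and its children) via `ulimit -c 0`, verifies it, and reports the kernel's `fs.suid_dumpable` setting. It assumes a Linux host with a POSIX sh and a readable `/proc/sys/fs`; the `limits.conf` line mentioned in a comment is the usual way to persist the limit but is not applied by the script.

```shell
# Added example (not from the mailing-list thread): apply and verify the
# "disable coredumps" hotfix for the current shell session on Linux.

# Return 0 when the core-file size limit of this shell is 0 (dumps disabled).
core_limit_is_zero() {
    limit=$(ulimit -c)
    [ "$limit" = "0" ]
}

# Print the kernel-wide policy for dumping setuid/privileged processes.
# Prints "absent" when the sysctl file is not readable (non-Linux, sandbox).
suid_dumpable_setting() {
    if [ -r /proc/sys/fs/suid_dumpable ]; then
        cat /proc/sys/fs/suid_dumpable
    else
        echo absent
    fi
}

# The hotfix itself: forbid core files for this shell and every child.
# To make it permanent for all users add to /etc/security/limits.conf:
#     *  hard  core  0
# (assumed standard pam_limits syntax; not written by this script).
disable_coredumps() {
    ulimit -c 0
}

# Human-readable status report, e.g. for a cron job or a login banner.
check_report() {
    if core_limit_is_zero; then
        echo "core dumps: disabled (ulimit -c = 0)"
    else
        echo "core dumps: ENABLED (ulimit -c = $(ulimit -c)); run: ulimit -c 0"
    fi
    echo "fs.suid_dumpable: $(suid_dumpable_setting)"
}

# Usage: source this file, then run
#   disable_coredumps && check_report
```

Note that `ulimit -c 0` only lowers the soft limit for the calling shell; processes already running, and sessions started by other users, keep their own limits, which is why the `limits.conf` entry (or a kernel upgrade, as Herbert suggests) is the real fix.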
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver