vserver development mailing list: Re: [Vserver] ELF Loader Bug exploitable inside a vServer

Re: [Vserver] ELF Loader Bug exploitable inside a vServer:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 13 May 2005 - 06:34:59 BST

Previous message: Herbert Poetzl: "Re: [Vserver] Re: debian kernel 2.6.8 questions"
In reply to: Michal Ludvig: "Re: [Vserver] ELF Loader Bug exploitable inside a vServer"
Next in thread: Oliver Welter: "Re: [Vserver] ELF Loader Bug exploitable inside a vServer"
Reply: Oliver Welter: "Re: [Vserver] ELF Loader Bug exploitable inside a vServer"

On Fri, May 13, 2005 at 02:43:50PM +1200, Michal Ludvig wrote:
> Herbert Poetzl wrote:
> > On Thu, May 12, 2005 at 01:43:09PM +0200, Oliver Welter wrote:
> >
> >>serious problem:
> >>I read about the new BufferOverflow in the kernel's ELF Loader - it
> >>seems that an unprivileged attacker can start process in the kernels
> >>context..
> >
> >
> > details?
> >
> > - which issue?
>
> Core dump privilege escallation.
> http://isec.pl/vulnerabilities/isec-0023-coredump.txt
>
> > - what kernels are affected?
>
> Almost all 2.2, 2.4, 2.6 up to the *most* recent.
>
> > - how does the 'exploit' look like?
>
> Specially crafted ELF binary can be used to overwrite kernel memory on
> coredump.
>
> >>Is it possible to break out of a vServer with this Bug ?
> >
> > depends, if you can create kernel processess, they
> > certainly can circumvent _any_ kernel side protection
> > so if done probably, I'd say so ...
>
> Probably yes. Hotfix as suggested by the paper: disable coredumps.

yup, but better upgrade to 2.6.11.9-vs2.0-rc1 ;)

best,
Herbert

> Michal Ludvig
> --
> * Personal homepage: http://www.logix.cz/michal
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Previous message: Herbert Poetzl: "Re: [Vserver] Re: debian kernel 2.6.8 questions"
In reply to: Michal Ludvig: "Re: [Vserver] ELF Loader Bug exploitable inside a vServer"
Next in thread: Oliver Welter: "Re: [Vserver] ELF Loader Bug exploitable inside a vServer"
Reply: Oliver Welter: "Re: [Vserver] ELF Loader Bug exploitable inside a vServer"

About this list	Date view	Thread view	Subject view	Author view	Attachment view

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 13 May 2005 - 06:35:20 BST by hypermail 2.1.3