Re: Root exploit in the wild

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Frank Cox schrieb:
https://bugzilla.redhat.com/show_bug.cgi?id=432251

Just to clarify it a little bit: These are *local* root exploits, so the enemy has to find a way to get a shell account on your box to escalate his privileges.

I don't want to say that these exploits are harmless (well, there seems to be "only" one with an exploit which affects CentOS 5), but if your boxes are secured from the outside, there's no need to completely panic. Administrators of boxes with shell accounts where not all users are completely trusted or administrators of boxes with rather lose security (you know your cgi scripts - or probably don't) may panic now.

As only Kernel 2.6.17 and above have the vmsplice() system call, CentOS 4 and CentOS 3 (and 2.1) are *not* affected.

And: There seems to be a fix in the making. See the above bugzilla URL.

Warning: There's a "dexploit"-exploit out there (an exploit which looks if the kernel is exploitable and then disables vmsplice() - or at least tries to) - don't use that. It doesn't work on CentOS 5. The original exploit seems to crash xen-DomUs - the deexploit succeeds in *not* crashing the kernel so that the exploit now also works on DomUs.

Take care (of your systems),

Ralph
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux