[Vserver] CAN-2004-1235 anyone?

[Gregory (Grisha) Trubetskoy]

Is this something to worry about on vs 1.9.3 kernels?
http://isec.pl/vulnerabilities/isec-0021-uselib.txt
I saw Fedora released an updated kernel, though the comment at the 
beginning of the exploit code in the link above says tested only on 
2.4.x. I for one could get it to compile, though I didn't try very hard.

Grisha
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] CAN-2004-1235 anyone?

[Herbert Poetzl]

On Tue, Jan 11, 2005 at 10:07:12AM -0500, Gregory (Grisha) Trubetskoy wrote:
 
 Is this something to worry about on vs 1.9.3 kernels?

yep, local (vserver) root priviledge escalation is possible
AFAICT it's not possible to leave a vserver (at least not
without other exploits) ...

 http://isec.pl/vulnerabilities/isec-0021-uselib.txt
 
 I saw Fedora released an updated kernel, though the comment at the 
 beginning of the exploit code in the link above says tested only on 
 2.4.x. I for one could get it to compile, though I didn't try very hard.

http://kerneltrap.org/files/jeremy/2.6.10-mm1-brk-locked.patch

(might need some merging, will look into it asap)

HTH,
Herbert

 
 Grisha
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver