[CentOS] local privilege escalation in kernel and systemd

Two related bugs involve mounting a very long path. The kernel bug requires passing a 1 GB path string, while the systemd bug involves an 8 MB path that overflows its stack.

[CentOS] Local Privilege Escalation

Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the same? thanks ___ CentOS mailing list CentOS@centos.org

Re: [CentOS] Local Privilege Escalation

Yep, works also on my centos 6.4 box. -- Eero 2013/5/14 Tom Brown t...@ng23.net Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the same? thanks

Re: [CentOS] Local Privilege Escalation

Did anyone try 6.x other than 6.4 what I mean? I don't have the server to try right now. Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 5/14/13 9:52 AM, Eero Volotinen wrote: Yep, works also on my centos 6.4 box. -- Eero 2013/5/14 Tom Brown t...@ng23.net

Re: [CentOS] Local Privilege Escalation

On Tue, May 14, 2013 at 9:24 AM, Tom Brown t...@ng23.net wrote: Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the same? Yes. Reported earlier in this forum thread (with additional

Re: [CentOS] Local Privilege Escalation

Is this 6.4 only or does it work on 5.9 also? 14.5.2013 19.25 Tom Brown t...@ng23.net kirjoitti: Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the same? thanks

Re: [CentOS] Local Privilege Escalation

On 05/14/2013 10:07 AM, Eero Volotinen wrote: Is this 6.4 only or does it work on 5.9 also? According to: https://bugzilla.redhat.com/show_bug.cgi?id=962792 Statement: This issue does not affect the kernel packages as shipped with Red Hat Enterprise Linux 5 because we did not backport

Re: [CentOS] Local Privilege Escalation

On Tue, May 14, 2013 at 9:56 AM, Akemi Yagi amy...@gmail.com wrote: On Tue, May 14, 2013 at 9:24 AM, Tom Brown t...@ng23.net wrote: Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the

Re: [CentOS] Local Privilege Escalation

On 05/14/2013 02:38 PM, Akemi Yagi wrote: On Tue, May 14, 2013 at 9:56 AM, Akemi Yagi amy...@gmail.com wrote: On Tue, May 14, 2013 at 9:24 AM, Tom Brown t...@ng23.net wrote: Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it

Re: [CentOS] Local privilege escalation bug in kernel

Hi Frank, Do we know if this bug affects Centos? http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge The article states that it affects kernel 2.6.39 and above, but since RH backports so much stuff I'm not sure if this

[CentOS] Local privilege escalation bug in kernel

Do we know if this bug affects Centos? http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge The article states that it affects kernel 2.6.39 and above, but since RH backports so much stuff I'm not sure if this would actually

Re: [CentOS] Local privilege escalation bug in kernel

Do we know if this bug affects Centos? The bug did not affect centos 5. The bug did affect centos 6. The fix from the upstream vendor was released on Monday afaik. The centos update was released Tuesday evening. James ___ CentOS mailing list