On Fri, May 13, 2005 at 02:43:50PM +1200, Michal Ludvig wrote:
> Herbert Poetzl wrote:
> > On Thu, May 12, 2005 at 01:43:09PM +0200, Oliver Welter wrote:
> >
> >> serious problem:
> >> I read about the new BufferOverflow in the kernel's ELF Loader - it
> >> seems that an unprivileged attacker can start a process in the kernel's
> >> context..
> >
> > details?
> >
> > - which issue?
>
> Core dump privilege escalation.
> http://isec.pl/vulnerabilities/isec-0023-coredump.txt
>
> > - what kernels are affected?
>
> Almost all 2.2, 2.4, 2.6 up to the *most* recent.
>
> > - what does the 'exploit' look like?
>
> A specially crafted ELF binary can be used to overwrite kernel memory on
> coredump.
>
> >> Is it possible to break out of a vServer with this Bug ?
> >
> > depends, if you can create kernel processes, they
> > certainly can circumvent _any_ kernel side protection
> > so if done probably, I'd say so ...
>
> Probably yes. Hotfix as suggested by the paper: disable coredumps.

yup, but better upgrade to 2.6.11.9-vs2.0-rc1 ;)

best,
Herbert

> Michal Ludvig
> --
> * Personal homepage: http://www.logix.cz/michal

_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
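The stop-gap Michal quotes from the advisory (disable core dumps until the kernel is upgraded) only holds if the *hard* core-size limit is zero: a soft limit of 0 can be raised again by the unprivileged process itself before it crashes. The following is an added example, not code from the thread or from the Linux-VServer project; it audits the live limits on a host and reports whether the stop-gap is actually in place. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): check whether core dumps
# are effectively disabled on this host, as a stop-gap before a kernel upgrade.

# core_dumps_disabled SOFT_LIMIT HARD_LIMIT
#   SOFT_LIMIT / HARD_LIMIT: the values printed by `ulimit -S -c` and
#   `ulimit -H -c` ("0", "unlimited", or a block count).
# Returns 0 (success) only when no core file can be produced at all.
core_dumps_disabled() {
    soft="$1"
    hard="$2"
    # The hard limit is what matters: a process may raise its own soft limit
    # back up to the hard limit, so "ulimit -S -c 0" alone is not a mitigation.
    [ "$hard" = "0" ] && [ "$soft" = "0" ]
}

# limits_conf_line: the /etc/security/limits.conf entry that enforces a zero
# hard limit for every login session (pam_limits syntax).
limits_conf_line() {
    printf '%s\n' '*               hard    core            0'
}

# report_core_config: print the live settings on this host and a verdict.
report_core_config() {
    soft=$(ulimit -S -c 2>/dev/null || echo unknown)
    hard=$(ulimit -H -c 2>/dev/null || echo unknown)
    printf 'soft core limit : %s\n' "$soft"
    printf 'hard core limit : %s\n' "$hard"
    if core_dumps_disabled "$soft" "$hard"; then
        echo "verdict: core dumps disabled (stop-gap in place)"
        return 0
    fi
    echo "verdict: core dumps ENABLED - the advisory's stop-gap is not in effect"
    echo "to enforce it for all sessions, add to /etc/security/limits.conf:"
    limits_conf_line
    return 1
}

report_core_config
```

Run it as any user; a non-zero exit status means the stop-gap is not in effect. As Herbert notes, this only buys time: the fix is the patched kernel.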
