[Users] New kernel vuln...

Josip Rodin joy at entuzijast.net
Tue Sep 1 17:56:55 EDT 2009


On Tue, Aug 18, 2009 at 04:31:12PM +0400, Konstantin Khorenko wrote:
> Hi all,
> 
> just wanted to share the info:
> I checked this issue and found that 2.6.18-128.2.1.el5.028stab064.4 kernel (latest OVZ) is immune to the exploits on the issue described at http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
> Exploits do not work both inside a Container and on a Hardware Node.
> 
> On 08/17/2009 10:26 PM, Michael Stauber wrote:
> ...
> > The exploit allows an unprivileged user to gain root access. However: The
> > exploit (as is) *only* works on the master node. NOT inside a VE. Somehow the
> > virtualization already takes care of it and prevents it when someone runs it
> > inside a VE.
> 
> Michael, could you please confirm that you were able to gain root on a kernel before 64.4?
> 
> The kernel is immune due to the fact that 64.4 kernel has the bypassing "mmap_min_addr" issue fixed:
> http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html - description of the problem
> 
> Exploits for the current issue, in their turn, need this hole to gain root access.

AFAICT the linux-2.6.27-openvz has this obvious issue with mmap_min_addr due
to security/Kconfig containing:

config SECURITY
        bool "Enable different security models"
        depends on SYSFS && !VE

config SECURITY_DEFAULT_MMAP_MIN_ADDR
        int "Low address space to protect from user allocation"
        depends on SECURITY
        default 0

Should we be worried?

-- 
     2. That which causes joy or happiness.
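
A check for the concern raised in this message, added here as an example and not part of the original thread: it reads a kernel .config and, optionally, the content of /proc/sys/vm/mmap_min_addr, and reports whether low addresses are left mappable. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a kernel build leaves
# low addresses mappable, based on the Kconfig symbols quoted above.

# Print the value of CONFIG_<symbol> from a .config file, or "n" when the
# symbol is absent or appears only as "# CONFIG_<symbol> is not set".
kconfig_value() {
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-n}"
}

# audit_mmap_min_addr CONFIG_FILE [RUNTIME_VALUE]
# RUNTIME_VALUE is the content of /proc/sys/vm/mmap_min_addr, if known.
# Prints one verdict line; returns 0 when a nonzero floor is set, 1 otherwise.
audit_mmap_min_addr() {
    security=$(kconfig_value "$1" SECURITY)
    default=$(kconfig_value "$1" SECURITY_DEFAULT_MMAP_MIN_ADDR)
    runtime=${2:-}
    case $default in ''|*[!0-9]*) default=0 ;; esac

    # A numeric runtime value takes precedence over the build-time default.
    case $runtime in
        ''|*[!0-9]*) ;;
        *)  if [ "$runtime" -gt 0 ]; then
                echo "SET: vm.mmap_min_addr is $runtime at runtime"; return 0
            fi
            echo "WEAK: vm.mmap_min_addr is 0 at runtime"; return 1 ;;
    esac

    if [ "$security" != y ]; then
        echo "WEAK: CONFIG_SECURITY is off, so SECURITY_DEFAULT_MMAP_MIN_ADDR cannot be set"
        return 1
    fi
    if [ "$default" -eq 0 ]; then
        echo "WEAK: CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR is 0"
        return 1
    fi
    echo "SET: build default mmap_min_addr is $default"
    return 0
}

# Constructed sample: VE enabled, so SECURITY (depends on !VE) is unavailable.
sample=$(mktemp)
printf '%s\n' 'CONFIG_SYSFS=y' 'CONFIG_VE=y' '# CONFIG_SECURITY is not set' > "$sample"
audit_mmap_min_addr "$sample" || true
rm -f "$sample"
```

A nonzero value only helps on kernels where the mmap_min_addr bypass referenced earlier in the thread is fixed.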

