[Users] Dirty COW
Scott Dowdle
dowdle at montanalinux.org
Fri Oct 21 16:33:02 PDT 2016
Greetings,
I tried some proof of concept code (cowroot.c) on an OpenVZ Legacy host as a user and it didn't work. Then I made a CentOS container on the same host, added a user, and tried to run cowroot as a user and it didn't work. When I say work, I mean the exploit didn't work.
I only tested one system once. Can anyone duplicate my findings?
----- Original Message -----
> Greetings,
>
> ----- Original Message -----
> > Are there plans to release new Openvz 6 kernels in repository soon?
>
> For some value of soon I would imagine.
>
> I still haven't heard if it has been verified that OpenVZ Legacy is
> vulnerable or not. According to the Red Hat bugzilla page
> (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), they
> claim that EL5 and EL6 are not vulnerable because /proc/self/mem
> isn't writable by default.
>
> I haven't tried an exploit program on an OpenVZ Legacy host node to
> try. Anyone?
>
> EL7 is supposedly vulnerable so I'd expect a VZ7 update.
>
> TYL,
> --
> Scott Dowdle
> 704 Church Street
> Belgrade, MT 59714
> (406)388-0827 [home]
> (406)994-3931 [work]
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>
More information about the Users
mailing list