[Users] Dirty COW
William Pettersson
william.pettersson at gmail.com
Sat Oct 22 03:20:43 PDT 2016
Apologies, this won't appear in the correct thread, as I was not on this
mailing list until a few moments ago.
Scott Dowdle wrote:
> I haven't tried an exploit program on an OpenVZ Legacy host node to try.
Anyone?
I have successfully exploited a Legacy node, running kernel
2.6.32-042stab055.16 and then 2.6.32-042stab117.16. This was done using the
pokemon PoC from
https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c
I don't run the actual host, so I don't know how things work there, but I
can confirm that OpenVZ legacy nodes are vulnerable. Hopefully the patch
can be backported into official channels relatively quickly. I'm personally
not too concerned, as this is only a test bed for me, but anyone who runs
anything sensitive/critical on an OpenVZ system should be keeping a close
eye on it at the very least.
William Pettersson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20161022/64671cce/attachment-0001.html>
More information about the Users
mailing list