[Users] Dirty COW
Solar Designer
solar at openwall.com
Sat Oct 22 05:50:43 PDT 2016
On Fri, Oct 21, 2016 at 04:43:16PM -0600, Scott Dowdle wrote:
> I still haven't heard if it has been verified that OpenVZ Legacy is vulnerable or not.
It is. Verified. The "pokemon" PoC works on RHEL6 & RHEL5, as long as
you have 2+ logical CPUs.
> According to the Red Hat bugzilla page (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), they claim that EL5 and EL6 are not vulnerable
No, they correctly claim the opposite.
> because /proc/self/mem isn't writable by default.
Yes, but this only affects the initially publicized attack vector.
Alexander
More information about the Users
mailing list