[CentOS] local root exploit
Ross S. W. Walker
rwalker at medallion.com
Mon Feb 11 23:00:14 UTC 2008
Matthew Miller wrote:
>
> On Mon, Feb 11, 2008 at 04:26:57PM -0500, Ross S. W. Walker wrote:
> > Problem with Debian patch is it may conflict with some of the RH
> > backports, but if it works why not submit it to CentOS team for
> > testing as I hear the RH current workaround has issues with GPFs.
>
> I think that's with the powertech.no "ptpatch2008" kernel
> module which tries
> to patch the problem in your existing kernel -- not with the
> actual fix.
Ah, ok, I feel a little better about it then. The reports weren't
specific about which patch was used and I assumed it was the
patch on bugzilla.
> > I personnally run my systems behind the firewall, but I suppose
> > anybody who has CentOS/RHEL 5 that is Internet facing would
> > worry a little bit more.
>
> Do you ever use network-accessing applications which might have bugs?
Yes, but always through transparent proxies which scan all traffic.
BTW aren't we all using network-accessing applications which might
have bugs all the time? I would say every application we use has
bugs, how big or small they are is as yet to be seen, so I trust
NOTHING.
> > I wonder if any existing user-land utilities have hooks into
> > vmsplice that may be able to be accessed via PHP, Perl, or CGI?
>
> It's a system call.
Yes, but conceivable an application can make use of such a system
call since it is exploitable from user land and hence the concern.
-Ross
______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.
More information about the CentOS
mailing list