[CentOS] local root exploit

Ross S. W. Walker rwalker at medallion.com
Mon Feb 11 23:00:14 UTC 2008


Matthew Miller wrote:
> 
> On Mon, Feb 11, 2008 at 04:26:57PM -0500, Ross S. W. Walker wrote:
> > Problem with Debian patch is it may conflict with some of the RH
> > backports, but if it works why not submit it to CentOS team for
> > testing as I hear the RH current workaround has issues with GPFs.
> 
> I think that's with the powertech.no "ptpatch2008" kernel 
> module which tries
> to patch the problem in your existing kernel -- not with the 
> actual fix.

Ah, ok, I feel a little better about it then. The reports weren't
specific about which patch was used and I assumed it was the
patch on bugzilla.

> > I personnally run my systems behind the firewall, but I suppose
> > anybody who has CentOS/RHEL 5 that is Internet facing would 
> > worry a little bit more.
> 
> Do you ever use network-accessing applications which might have bugs?

Yes, but always through transparent proxies which scan all traffic.

BTW aren't we all using network-accessing applications which might
have bugs all the time? I would say every application we use has
bugs, how big or small they are is as yet to be seen, so I trust
NOTHING.

> > I wonder if any existing user-land utilities have hooks into
> > vmsplice that may be able to be accessed via PHP, Perl, or CGI?
> 
> It's a system call.

Yes, but conceivable an application can make use of such a system
call since it is exploitable from user land and hence the concern.

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.




More information about the CentOS mailing list