[CentOS] Root exploit in the wild
Ralph Angenendt
ra+centos at br-online.deSun Feb 10 23:22:28 UTC 2008
- Previous message: [CentOS] Root exploit in the wild
- Next message: [CentOS] Root exploit in the wild
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Cox schrieb: > https://bugzilla.redhat.com/show_bug.cgi?id=432251 Just to clarify it a little bit: These are *local* root exploits, so the enemy has to find a way to get a shell account on your box to escalate his privileges. I don't want to say that these exploits are harmless (well, there seems to be "only" one with an exploit which affects CentOS 5), but if your boxes are secured from the outside, there's no need to completely panic. Administrators of boxes with shell accounts where not all users are completely trusted or administrators of boxes with rather lose security (you know your cgi scripts - or probably don't) may panic now. As only Kernel 2.6.17 and above have the vmsplice() system call, CentOS 4 and CentOS 3 (and 2.1) are *not* affected. And: There seems to be a fix in the making. See the above bugzilla URL. Warning: There's a "dexploit"-exploit out there (an exploit which looks if the kernel is exploitable and then disables vmsplice() - or at least tries to) - don't use that. It doesn't work on CentOS 5. The original exploit seems to crash xen-DomUs - the deexploit succeeds in *not* crashing the kernel so that the exploit now also works on DomUs. Take care (of your systems), Ralph
- Previous message: [CentOS] Root exploit in the wild
- Next message: [CentOS] Root exploit in the wild
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list