RE: one shot remote root for linux?
On Tue, 28 Apr 2009, Gregory Boehnlein wrote: It is a common misconception that the ESX Hypervisor is Linux based, but that is an urban legend. Is the ESX Hypervisor useful without the Linux layer? Then, to what extent do based on and depends on differ in the context of software? --paulj
Re: one shot remote root for linux?
On Thu, Apr 30, 2009 at 10:28 AM, Paul Jakma p...@jakma.org wrote: On Tue, 28 Apr 2009, Gregory Boehnlein wrote: It is a common misconception that the ESX Hypervisor is Linux based, but that is an urban legend. Is the ESX Hypervisor useful without the Linux layer? Then, to what extent do based on and depends on differ in the context of software? ESXi doesn't require much Linux (just busybox), but I think the point is that the VMkernel (the hypervisor) and the service console (Linux) are separate entities. The SC is really a VM, so it depends more on VMkernel than VMkernel depends on it. dre
Re: one shot remote root for linux?
On Thu, 30 Apr 2009, Andre Gironda wrote: ESXi doesn't require much Linux (just busybox), but I think the point is that the VMkernel (the hypervisor) and the service console (Linux) are separate entities. The SC is really a VM, so it depends more on VMkernel than VMkernel depends on it. So it's a VM, which is required to be booted in order to be able to load the hypervisor? Seems an unusual definition of VM to me.. Also, which code handles the I/O to load the other, less special, VMs? The Linux fs and block layer, or the VMWare hypervisor? Anyway, I fear we're about to be kicked into touch by the moderators.. regards, -- Paul Jakma p...@clubi.ie p...@jakma.org Key ID: 64A2FF6A
Re: one shot remote root for linux?
On Apr 30, 2009, at 1:28 PM, Paul Jakma wrote: Is the ESX Hypervisor useful without the Linux layer? Then, to what extent do based on and depends on differ in the context of software? I needed DR-DOS 3 to make NetWare 3.12 boot, but I wouldn't consider it to be based on DOS.
Re: one shot remote root for linux?
On Tuesday 28 April 2009 09:33:06 pm Christopher Morrow wrote: That said there are a few 'network devices' which are linux based (not just Vyatta! :) ) o Cisco Guards o Arbor Peakflow (at least the X version) o some-route-optmization systems o dns/mail/ntp/blah widgets Add: Cisco Content Engines and anything else that runs ACNS.
Re: one shot remote root for linux?
On 29/04/2009, at 3:25 PM, Nathan Ward wrote: On 29/04/2009, at 3:10 PM, Crooks, Sam wrote: Cisco ASA's appear to be linux under the hood based on watching versions of ASA804-3/12/19/23/31 boot on the console They are Linux, and run two copies of IOS simultaneously in a VM each. Erk, sorry, I brain farted and was thinking of the ASR. I'm really not sure about the ASA product line. -- Nathan Ward
one shot remote root for linux?
This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations. Sometimes news finds us in mysterious yet obvious ways. HD Moore (respected security researcher) set a status which I noticed on my twitter: @hdmoore reading through sctp_houdini.c - one-shot remote linux kernel root - http://kernelbof.blogspot.com/ I asked him about it on IM, wondering if it is real: looks like that but requires a sctp app to be running Naturally, I retweeted. Signed, @gadievron
Re: one shot remote root for linux?
Why are you alining yourself with a computer hacker? I thought you were trying to stop these guys releasing exploits in your line of work? Andrew On Tue, Apr 28, 2009 at 3:10 PM, Gadi Evron g...@linuxbox.org wrote: This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations. Sometimes news finds us in mysterious yet obvious ways. HD Moore (respected security researcher) set a status which I noticed on my twitter: @hdmoore reading through sctp_houdini.c - one-shot remote linux kernel root - http://kernelbof.blogspot.com/ I asked him about it on IM, wondering if it is real: looks like that but requires a sctp app to be running Naturally, I retweeted. Signed, �...@gadievron
Re: one shot remote root for linux?
On Tue, Apr 28, 2009 at 6:31 PM, andrew.wallace andrew.wall...@rocketmail.com wrote: Why are you alining yourself with a computer hacker? I thought you were trying to stop these guys releasing exploits in your line of work? it didn't look like he did (to me) On Tue, Apr 28, 2009 at 3:10 PM, Gadi Evron g...@linuxbox.org wrote: This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations. hrm, in reality a bunch of non-router vulnerabilities affect (to some extent anyway) network operations. Sometimes news finds us in mysterious yet obvious ways. HD Moore (respected security researcher) set a status which I noticed on my twitter: @hdmoore reading through sctp_houdini.c - one-shot remote linux kernel root - http://kernelbof.blogspot.com/ I asked him about it on IM, wondering if it is real: looks like that but requires a sctp app to be running one good thing, practically no sctp deployment... and, hopefully for networking equipment there's already local firewall/acl capability deployed. That said there are a few 'network devices' which are linux based (not just Vyatta! :) ) o Cisco Guards o Arbor Peakflow (at least the X version) o some-route-optmization systems o dns/mail/ntp/blah widgets It's nice to get some notice of this, it's also nice it got fixed in later kernels (who knows what kernel Peakflow-X has deployed or what custom mods happen to it?) Quickly searching favorite search engine shows quite a few SCTP/Linux problems reported over at least the last 2.5 years. The one mentioned here seems to be: CVE-2009-0065 reported Jan 5th 2009, only redhat reports back a fix so far (according to mitre). Putting on my Paul Quinn/Roland Dobbins/Darrel Lewis hat - another good argument for infrastructure acls!! :) -chris
Re: one shot remote root for linux?
On Tue, 28 Apr 2009 23:31:04 BST, andrew.wallace said: Why are you alining yourself with a computer hacker? I thought you were trying to stop these guys releasing exploits in your line of work? Phrased differently: The horse has already left the barn, and Gadi is warning you that there's a horse possibly munching on your front lawn already. Which would you rather have if you actually had a network to run - Gadi and HD Moore telling you that the bad guys have a point-and-shoot for the boxes you use to run your net, or them *not* telling you about the point-and-shoot? Hint: Anybody who thinks HD Moore is a major part of the problem is probably more a part of the problem than HD is. pgpkuPfvIPrgg.pgp Description: PGP signature
RE: one shot remote root for linux?
-Original Message- From: Christopher Morrow [mailto:morrowc.li...@gmail.com] Sent: Tuesday, April 28, 2009 8:33 PM To: nanog@nanog.org Subject: Re: one shot remote root for linux? That said there are a few 'network devices' which are linux based (not just Vyatta! :) ) o Cisco Guards o Arbor Peakflow (at least the X version) o some-route-optmization systems o dns/mail/ntp/blah widgets Cisco ASA's appear to be linux under the hood based on watching versions of ASA804-3/12/19/23/31 boot on the console
Re: one shot remote root for linux?
On 29/04/2009, at 3:10 PM, Crooks, Sam wrote: Cisco ASA's appear to be linux under the hood based on watching versions of ASA804-3/12/19/23/31 boot on the console They are Linux, and run two copies of IOS simultaneously in a VM each. Kind of like how VMWare ESX is Linux - technically it is, but you don't really treat it as such. -- Nathan Ward
Re: one shot remote root for linux?
Gadi Evron wrote: I asked him about it on IM, wondering if it is real: looks like that but requires a sctp app to be running And which sctcp transport utiltizing app pray tell do you commonly find running on linux based routers and network infrastructure?
RE: one shot remote root for linux?
Cisco ASA's appear to be linux under the hood based on watching versions of ASA804-3/12/19/23/31 boot on the console They are Linux, and run two copies of IOS simultaneously in a VM each. Kind of like how VMWare ESX is Linux - technically it is, but you don't really treat it as such. Not to nit-pick, but VMware ESX uses RedHat Enterprise Linux for it's service console on versions previous to ESXi. The purpose of the service console is to provide support for booting the ESX Hypervisor which itself IS NOT Linux. It does, however, implement a Linux Driver compatability layer so that un-modified Linux drivers can be used w/ the Vmware ESX Hypervisor. The stated goal of this layer is to allow existing third party drivers to be rapidly added to the ESX Hypervisor w/out a lengthy porting process or a requirement for a company to maintain a completely separate driver source code tree for Vmware ESX. Here is a link to some info on Wikipedia: http://en.wikipedia.org/wiki/VMware_ESX_Server Specifically; VMware states that the ESX Server product runs on bare metal.[3] In contrast to other VMware products, it does not run atop a third-party operating system[4], but instead includes its own kernel. Up through the current ESX version 3.5, a Linux kernel is started first[5] and is used to load a variety of specialized virtualization components, including VMware's 'vmkernel' component. This previously-booted Linux kernel then becomes the first running virtual machine and is called the service console. Thus, at normal run-time, the vmkernel is running on the bare computer and the Linux-based service console runs as the first virtual machine (and cannot be terminated or shutdown without shutting down the entire system). It is a common misconception that the ESX Hypervisor is Linux based, but that is an urban legend.
