Re: [Vserver] [Advisory] chroot exploit ...

2004-02-06 Thread Tor Rune Skoglund
On Friday 6 February 2004, 00:10, Herbert Poetzl wrote:
> Markus Müller from GeNUA (Germany) reported an up
> to now unknown way to escape from the vserver chroot
> jail, which is based on the fact the chmod did not
> verify the 000 barrier correctly ...

Where can one find documentation for this exploit?

Best regards
Tor Rune Skoglund
-- 
DataKompaniet as
Teknobyen, Abels gt. 5  Tel: +47 73 51 51 51
N-7030 Trondheim, Norway  Fax: +47 73 94 38 61
E-mail: [EMAIL PROTECTED]

___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver


[Vserver] [Advisory] chroot exploit ...

2004-02-05 Thread Herbert Poetzl

Dear Vserver Community!

Markus Müller from GeNUA (Germany) reported an up 
to now unknown way to escape from the vserver chroot
jail, which is based on the fact the chmod did not 
verify the 000 barrier correctly ...

the following patch, applied with  patch -p0
fixes this issue, for stable and devel releases

 http://www.13thfloor.at/vserver/security/root-escape-fix.diff

a new stable version including this fix will
be available in the next hour ...

this is a vulnerability, which allows any vserver
root user to escape the chroot() jail, and gain
access to the host server, so I would suggest to
patch/upgrade as soon as possible.

HTH,
Herbert

PS: all linux-vserver versions are affected.
