On Tue, Jan 11, 2005 at 10:07:12AM -0500, Gregory (Grisha) Trubetskoy wrote: > > Is this something to worry about on vs 1.9.3 kernels?
yep, local (vserver) root priviledge escalation is possible AFAICT it's not possible to leave a vserver (at least not without other exploits) ... > http://isec.pl/vulnerabilities/isec-0021-uselib.txt > > I saw Fedora released an updated kernel, though the comment at the > beginning of the exploit code in the link above says "tested only on > 2.4.x". I for one could get it to compile, though I didn't try very hard. http://kerneltrap.org/files/jeremy/2.6.10-mm1-brk-locked.patch (might need some merging, will look into it asap) HTH, Herbert > > Grisha > _______________________________________________ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
