Herbert Poetzl wrote:
> On Thu, May 12, 2005 at 01:43:09PM +0200, Oliver Welter wrote:
>
>> serious problem:
>> I read about the new BufferOverflow in the kernel's ELF Loader - it
>> seems that an unprivileged attacker can start a process in the kernel's
>> context..
>
> details?
>
> - which issue?

Core dump privilege escalation.
http://isec.pl/vulnerabilities/isec-0023-coredump.txt

> - what kernels are affected?

Almost all 2.2, 2.4, 2.6 up to the *most* recent.

> - what does the 'exploit' look like?

A specially crafted ELF binary can be used to overwrite kernel memory on coredump.

>> Is it possible to break out of a vServer with this Bug ?
>
> depends, if you can create kernel processes, they
> certainly can circumvent _any_ kernel side protection
> so if done properly, I'd say so ...

Probably yes.

Hotfix as suggested by the paper: disable coredumps.

Michal Ludvig

--
* Personal homepage: http://www.logix.cz/michal

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
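One way to apply and verify the "disable coredumps" hotfix, as an added example that is not from the thread or from the isec paper: it zeroes the core-file size limit for the current shell session and audits a PAM limits file for a persistent rule. The limits file path is a caller-supplied assumption, and the sample files are constructed inline.

```shell
# Drop both the soft and the hard core-file size limit to 0 so that no
# process started from this shell can write a core file, and the limit
# cannot be raised again without a new login.
disable_coredumps() {
    ulimit -S -c 0 && ulimit -H -c 0
}

# Succeeds only when both limits are 0 in the current shell.
coredumps_disabled() {
    [ "$(ulimit -S -c)" = "0" ] && [ "$(ulimit -H -c)" = "0" ]
}

# Check whether a PAM limits file (assumed path, e.g. /etc/security/limits.conf)
# carries a "* hard core 0" line, ignoring comments and extra spacing.
limits_conf_disables_core() {
    grep -Eq '^[[:space:]]*\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0[[:space:]]*$' "$1"
}

# Constructed sample files so the script runs stand-alone.
good_limits=$(mktemp)
bad_limits=$(mktemp)
printf '# constructed sample\n*    hard    core    0\n' > "$good_limits"
printf '# constructed sample\n*    soft    nofile  1024\n' > "$bad_limits"

disable_coredumps && coredumps_disabled && echo "core dumps disabled for this shell"
limits_conf_disables_core "$good_limits" && echo "$good_limits: persistent rule present"
limits_conf_disables_core "$bad_limits" || echo "$bad_limits: no persistent rule"
```

The session-level limit only covers processes started from this shell; the limits.conf rule is what makes the setting survive new logins.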