View Full Version : *nix server folks
http://it.slashdot.org/article.pl?sid=08/02/10/2011257&from=rss
Just a heads up in case you haven't seen it. My boss has tested the exploit on a couple of boxes at work (ones that don't have customer logins) and confirmed it works and thus may present a problem. Guess we'll be figuring out which boxes are affected this morning and getting them patched or whatever.
edit: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953#14 possible workaround available there.
cheers! that's pretty scary.
Don't see many of those!
Thanks for the heads up :)
I will test my boxes now :) Cheers for the headsup :)
mvg@icebox ~/exploit $ ./5092
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f16000 .. 0xb7f48000
[+] root
icebox exploit #
Just as well the only user I don't trust on my servers is me. :)
Thankfully we've figured out that the main servers that customers can ssh onto aren't affected by this bug. One huge collective sigh of relief at that :)
Looks like this can be used to good DoS effect as well. Either that or it's a coincidence my server paniced spectacularly several hours after testing the exploit.
Went writing to the RAID array too. Data seems to be intact (touch wood).
In the debian bug reports there have been a few people saying that the exploit or associated patches etc have been causing hard crashes. Perhaps you are a victim of that? Pure speculation though, could be a coincidence but then linux boxes dont really lock up all that often...
The system itself didn't hard lock, but anything that tried to access parts of the affected filesystem did.
Anyway, the power button soon cured it. I'll remember to reboot afterwards if I decide to re-run that exploit code again. :)
One of our sys-arch's warned his previous employers about the exploit. "Oh no, we've spoken with our technical guys and they assure us our server is safe".
2 minutes later he's FTP'd up a copy of the exploit, and triggered it.
Boom :)
vBulletin® v3.7.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.