LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: linux kernel exploit on real-servers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: linux kernel exploit on real-servers
From: Shivaji Navale <shivaji@xxxxxxxxxxxxx>
Date: Tue, 9 Dec 2003 01:57:24 +0530 (IST)
Dear Horms,

On Sun, 7 Dec 2003, Horms wrote:

> On Sat, Dec 06, 2003 at 04:20:44PM +0530, Shivaji Navale wrote:
> >
> >
> > I was surprised to see the do_brk vulnerabilty wasnt exploitable on the
> > kernel source from ultramonkey (2.4.20-18.8.um.1custom).
> >
> > I tried it on all real servers. Although i tried after reinstalling the
> > kernels on real-servers, but before rebooting them.
> > The output of the /proc/pidof executable/maps was also as mentioned.
> > Yet to try it on director.
> >
> > I would also like to add that the ptrace vulnerability present for the
> > kernel version installed on real servers, was also not exploitable in that
> > the suid shell to be givento user programs just died out.
> > Although the kernel version then was not the ultramonkey one. and the
> > vulnerability got exploited on director by doing su - username (as logins
> > were not allowed on director)
> >
> > How is it so.
>
> Hi,
>
> I am currently working on some new kernel packages for ultramoneky on
> Debain which will be the Debain 2.4.22 kernel + lvs + the hidden
> interface patch + a patch for the do_brk bug. I appologise
> for this taking so long. Please be patient.
>

Actually what i meant was the vulnerabilities were *NOT*
EXploitable on the similar release.
And not that i wanted a new release ;)

regards,
-shivaji

<Prev in Thread] Current Thread [Next in Thread>