Frank Cox schrieb:> https://bugzilla.redhat.com/show_bug.cgi?id=432251
Just to clarify it a little bit: These are *local* root exploits, so the
enemy has to find a way to get a shell account on your box to escalate
his privileges.
I don't want to say that these exploits are harmless (well, there seems
to be "only" one with an exploit which affects CentOS 5), but if your
boxes are secured from the outside, there's no need to completely panic.
Administrators of boxes with shell accounts where not all users are
completely trusted or administrators of boxes with rather lose security
(you know your cgi scripts - or probably don't) may panic now.
As only Kernel 2.6.17 and above have the vmsplice() system call, CentOS
4 and CentOS 3 (and 2.1) are *not* affected.
And: There seems to be a fix in the making. See the above bugzilla URL.
Warning: There's a "dexploit"-exploit out there (an exploit which
looks
if the kernel is exploitable and then disables vmsplice() - or at least
tries to) - don't use that. It doesn't work on CentOS 5. The original
exploit seems to crash xen-DomUs - the deexploit succeeds in *not*
crashing the kernel so that the exploit now also works on DomUs.
Take care (of your systems),
Ralph