[colug-432] New root exploit code for CentOS
R P Herrold
herrold at owlriver.com
Tue May 14 13:49:47 EDT 2013
On Tue, 14 May 2013, Joshua Kramer wrote:
> https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59
and upstream to CentOS at:
https://bugzilla.redhat.com/show_bug.cgi?id=962792
> Apparently it can be mitigated using this kernel module:
>
> http://elrepo.org/tiki/kmod-tpe
perhaps, although I have not tested -- 'toracat' on that forum
thread is a 'sheepdog' as to getting modules updated and
throught the El Repo process
> I spun up a test VM and tested this - it works! What would be interesting
> is doing some investigation to see if SELinux could prevent damage if this
> code was run from a malicious web app instead of the command prompt.
sounds like a great COLUG presentation; 'SELinux' is a range
of possible levels of protection, so some experimentation may
be needed to assign a answer of what seems to work
> Also, I wonder if this works on Scientific Linux and other RHEL
> derivatives, or RHEL itself?
it should as the upstream link indicates
-- Russ herrold
More information about the colug-432
mailing list