OpenVZ Forum


Home » General » Support » *CLOSED* Security breach :: prctl vulnerability
*CLOSED* Security breach :: prctl vulnerability [message #7385] Thu, 12 October 2006 17:54 Go to next message
whatever is currently offline  whatever
Messages: 142
Registered: September 2006
Senior Member
How is it possible the VPS owner break into main node?
I am shocked. Is openVZ really safe at all?
Anyway I can check how it was done and how it can be avoided in future?
Can anyone help me with this??????

Thanks.

[Updated on: Thu, 19 October 2006 08:28] by Moderator

Report message to a moderator

Re: Security breach :: VPS owner break into main node!!!! [message #7400 is a reply to message #7385] Fri, 13 October 2006 05:20 Go to previous messageGo to next message
Vasily Tarasov is currently offline  Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
It should be impossible!

Please, tell us, how do you detect, that a user from VE break into HN?

Thanks!
Re: Security breach :: VPS owner break into main node!!!! [message #7451 is a reply to message #7385] Fri, 13 October 2006 15:05 Go to previous messageGo to next message
John Kelly is currently offline  John Kelly
Messages: 97
Registered: May 2006
Location: Palmetto State
Member
whatever wrote on Thu, 12 October 2006 13:54

How is it possible the VPS owner break into main node?


The VE has a chrooted, limited view of the filesystem. So the VE cannot "break in" to the HN filesystem.

However, the VE can use ssh to login to the HN, just like any other networked host. Maybe you have poor security on your HN. But how can we know what happened, when you don't provide detailed, factual information?

Re: Security breach :: VPS owner break into main node!!!! [message #7453 is a reply to message #7385] Fri, 13 October 2006 16:01 Go to previous messageGo to next message
whatever is currently offline  whatever
Messages: 142
Registered: September 2006
Senior Member
How I detected?
In hardware node we use alert script whenever anyone login to root we get alert. And direct root login to Hardware node is disabled. To get root access one has to login as user allowed list in hardware node and then su password to get root.
There are only 2 users in hardware.
The VPS user got the access to root. And the details of VPSuser, ip, time etc were recorded in alert email.
This happened 2 times with different VPS users.
I can send the VPS root access and alert details to the developer of openvz to have a look at it.
Maybe they can understand better then me.

Thanks.
Re: Security breach :: VPS owner break into main node!!!! [message #7455 is a reply to message #7453] Fri, 13 October 2006 16:29 Go to previous messageGo to next message
John Kelly is currently offline  John Kelly
Messages: 97
Registered: May 2006
Location: Palmetto State
Member
whatever wrote on Fri, 13 October 2006 12:01

And direct root login to Hardware node is disabled.


Maybe. Maybe not. It's possible there could be an OpenVZ bug, but it's more likely your login security is misconfigured.

If you can identify a real bug, the OpenVZ developers will fix it. That's their job. But they don't have time, and it's not their job, to train OpenVZ users how to manage system security.

Re: Security breach :: VPS owner break into main node!!!! [message #7472 is a reply to message #7385] Sat, 14 October 2006 12:14 Go to previous messageGo to next message
whatever is currently offline  whatever
Messages: 142
Registered: September 2006
Senior Member
There are more people who have faced this issue.
one other guy got his access with this code
http://www.milw0rm.com/exploits/2006

Thanks

[Updated on: Sat, 14 October 2006 12:14]

Report message to a moderator

Re: Security breach :: VPS owner break into main node!!!! [message #7476 is a reply to message #7385] Sun, 15 October 2006 14:20 Go to previous messageGo to next message
jason|xoxide is currently offline  jason|xoxide
Messages: 20
Registered: September 2006
Location: Exton, PA
Junior Member
Well, if it's a kernel bug that only affects 2.6.17 and below then it will go away as soon as the test kernel is migrated to 2.6.18 (which they already said would be soon). You can't very well blame OpenVZ for something that is also broken in the vanilla kernel.

[Updated on: Sun, 15 October 2006 14:20]

Report message to a moderator

Re: Security breach :: VPS owner break into main node!!!! [message #7477 is a reply to message #7472] Sun, 15 October 2006 14:37 Go to previous messageGo to next message
Valmont is currently offline  Valmont
Messages: 225
Registered: September 2005
Senior Member
You are mistaken. It can gives root access, but does _not_ break vps restrictions.

And. Do NOT use testing kernel on production. It is only for testing purposes. Use stable kernel.

[Updated on: Sun, 15 October 2006 14:42]

Report message to a moderator

Re: Security breach :: VPS owner break into main node!!!! [message #7480 is a reply to message #7385] Sun, 15 October 2006 15:18 Go to previous messageGo to next message
whatever is currently offline  whatever
Messages: 142
Registered: September 2006
Senior Member
I am using kernel

kernel /vmlinuz-2.6.8-022stab078.10 ro root=/dev/VolGroup00/LogVol00

Thanks
Re: Security breach :: VPS owner break into main node!!!! [message #7481 is a reply to message #7480] Sun, 15 October 2006 15:52 Go to previous messageGo to next message
Valmont is currently offline  Valmont
Messages: 225
Registered: September 2005
Senior Member
Well, did you try to execute this sploit?
It doesn't work on 2.6.8-022stab078.10

[Updated on: Sun, 15 October 2006 15:54]

Report message to a moderator

Re: Security breach :: VPS owner break into main node!!!! [message #7538 is a reply to message #7480] Tue, 17 October 2006 10:46 Go to previous message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

2.6.8 stable is not vulnerable since prctl was broken between 2.6.8 and 2.6.9.

2.6.9 stable was updated some time ago (linux-2.6.9-CVE-2006-2451-dumpable.patch)

Plus as someone already noted here, this doesn't allow to get HWN root user. Only VE root.


http://static.openvz.org/userbars/openvz-developer.png
Previous Topic: dual nic environment
Next Topic: Problem with 0.18.1 and kmemsize
Goto Forum:
  


Current Time: Sat Nov 02 16:10:01 GMT 2024

Total time taken to generate the page: 0.03401 seconds