OpenVZ Forum


Linux kernel null pointer bug [message #37067] Mon, 17 August 2009 11:13
bucasia
Does anyone know how the OpenVZ kernel is affected by this bug - http://www.securityfocus.com/bid/36038/info ? Thanks.

edit: I guess I should be a little more specific -

Does it give VPS containers access to the main node?
Will a patched kernel be issued - specifically for CentOS?

Thanks again!

[Updated on: Mon, 17 August 2009 11:19]


Re: Linux kernel null pointer bug [message #37088 is a reply to message #37067] Tue, 18 August 2009 12:35
khorenko
Hi.

2.6.18-128.2.1.el5.028stab064.4 kernel (latest stable OVZ) is immune to the exploits on the issue.

The kernel is immune due to the fact that 64.4 kernel has the bypassing "mmap_min_addr" issue fixed:
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html - description of the problem

Exploits for the current issue, in their turn, need this hole to gain root access.

--
Konstantin


If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
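
A defender-side check of the two conditions named in the reply above (kernel build 028stab064.4 and `mmap_min_addr`), as an added example that is not part of the original thread. The function names are hypothetical, the kernel strings other than the one quoted in the thread are constructed, and treating 028stab builds later than 064.4 as also fixed is an assumption.

```bash
# Added example (not from the thread). Function names are hypothetical.
# MIN_STAB is the build the thread names as immune; treating later 028stab
# builds as also fixed is an assumption of this example.
MIN_STAB="064.4"

# Extract the OpenVZ build (e.g. 064.4) from a kernel release string.
stab_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*028stab\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Succeed if build $1 >= build $2; awk compares the parts as decimal
# numbers, so the leading zero in "064" is not read as octal.
stab_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        if (x[1] + 0 != y[1] + 0) exit !(x[1] + 0 > y[1] + 0)
        exit !(x[2] + 0 >= y[2] + 0)
    }'
}

# Classify a node from its kernel release ($1) and vm.mmap_min_addr ($2).
# A non-zero mmap_min_addr alone says nothing about the bypass; per the
# thread the bypass fix is in the kernel build, so both are checked.
assess_node() {
    stab=$(stab_version "$1")
    if [ -z "$stab" ]; then
        echo "not-028stab-kernel"
    elif ! stab_at_least "$stab" "$MIN_STAB"; then
        echo "older-than-$MIN_STAB"
    else
        case "$2" in
            ''|*[!0-9]*) echo "mmap_min_addr-unknown" ;;
            0)           echo "mmap_min_addr-disabled" ;;
            *)           echo "meets-thread-conditions" ;;
        esac
    fi
}

# Report on the running host; the sysctl file may be absent on some kernels.
current=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null || true)
echo "$(uname -r): $(assess_node "$(uname -r)" "$current")"
```
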
Re: Linux kernel null pointer bug [message #37089 is a reply to message #37088] Tue, 18 August 2009 12:42
bucasia
Hi Konstantin,

That's good news. Thanks for taking the time to update this thread.

Matt
Re: Linux kernel null pointer bug [message #37191 is a reply to message #37088] Tue, 25 August 2009 19:20
lazy
finist wrote on Tue, 18 August 2009 08:35
Hi.

2.6.18-128.2.1.el5.028stab064.4 kernel (latest stable OVZ) is immune to the exploits on the issue.

The kernel is immune due to the fact that 64.4 kernel has the bypassing "mmap_min_addr" issue fixed:
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html - description of the problem

Exploits for the current issue, in their turn, need this hole to gain root access.



but still it's possible to destabilize the kernel with a failed exploit attempt

and there is another bug fixed in RHSA-2009:1222-02
https://rhn.redhat.com/errata/RHSA-2009-1222.html
bug
https://bugzilla.redhat.com/show_bug.cgi?id=518034

tonight I'm rolling 64.4 with patches from upstream
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1e0c14f49d6b393179f423abbac47f85618d3d46

testing went through ok, I will see if there will be any problems in production
Re: Linux kernel null pointer bug [message #37195 is a reply to message #37191] Wed, 26 August 2009 06:54
khorenko
Quote:
but still it's possible to destabilize the kernel with a failed exploit attempt


Not exactly: you need to modify the exploit to do this. But yes, it's possible, but again - from Hardware Node only.

Quote:
and there is another bug fixed in RHSA-2009:1222-02
https://rhn.redhat.com/errata/RHSA-2009-1222.html
...
testing went through ok, I will see if there will be any problems in production


Yes, we've already seen that, thank you.

--
Konstantin


If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
Re: Linux kernel null pointer bug [message #37196 is a reply to message #37195] Wed, 26 August 2009 07:17
lazy
finist wrote on Wed, 26 August 2009 02:54
Quote:
but still it's possible to destabilize the kernel with a failed exploit attempt


Not exactly: you need to modify the exploit to do this. But yes, it's possible, but again - from Hardware Node only.

Quote:
and there is another bug fixed in RHSA-2009:1222-02
https://rhn.redhat.com/errata/RHSA-2009-1222.html
...
testing went through ok, I will see if there will be any problems in production


Yes, we've already seen that, thank you.



I recall that when I started one of the exploits from a 32 bit guest (64 bit host), its process got blocked in kernel space and I couldn't enter any other VPS, reboot the machine properly, etc.
When I have some time I will recheck it (maybe after all I wasn't running 64.4 on that machine). The exploit was modified to run without kernel symbols in /proc.


Patched machines are working fine. Is applying the mentioned patch sufficient? (Debian is using this patch for the etch kernel so I guess it's safe to think so.)


Thanks for your answer
--
Lazy

[Updated on: Wed, 26 August 2009 07:22]
