Re: Recent Linux vulnerabilities

From: Leonardo Eloy (leonardo_at_morphus.com.br)
Date: 01/20/05

    Date: Thu, 20 Jan 2005 10:38:25 -0300
    To: Rainer Duffner <rainer@ultra-secure.de>
    
    

    Rainer Duffner wrote:

    > Michael Richardson wrote:
    >
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >>
    >>
    >> First, many of those reports are 2.6 specific.
    >> Many deployed systems are running 2.4, which does not have anywhere near
    >> as many issues.
    >
    You're right, but some of the issues I related are vulnerable in both
    kernel series.

    >>
    >>
    >>
    >
    >
    > Indeed. But even 2.4 has had more than enough bugs - though the
    > situation with 2.6 is really disastrous, IMO.

    I think both kernel series haven't considered secure programming as one of
    the issues, when submitting patches. As Alan Cox said "/if you plot
    things like 'buffer overflow' 'structure passed to user space not
    cleaned' 'maths overflow check error' against time you'll see they show
    definite patterns with spikes decaying at different rates towards
    zero./" [http://kerneltrap.org/node/4570], but until we reach that
    point, we must be very careful with systems we deploy.

    > I'm glad my main servers run BSD ;-)

    Oh god! :P

    > Though not all my customers have that "privilege".
    >
    >
    >> Second, "local exploits" mean you need to get a local user.
    >> If you assume that, then you can assume a lot of other things too.
    >
    That's my question! :)
    Have you guys been using more kernel-based methods to gain superuser
    level or program-based exploits?

    >>
    >
    >>
    >
    > If all your PHP-apps are tight and secure, then yes.
    > Unfortunately, this isn't the case. Dare I say phpBB ?
    > Or look at other well-known PHP-projects - almost none of them can run
    > in PHP-safemode and some have to tweak multiple php.ini-values to "a
    > little bit less-secure" values.
    > In combination, the results can be very bad.
    > It's really becoming a nightmare.
    >
    >
    >
    > cheers,
    > Rainer
    >

    -- 
    Leonardo Eloy, LPIC-1, FCSE
    Security Analyst
    Morphus Tecnologia
    Phone/Fax: 85 3452.5733/5737
    Mobile: 85 8802.6740
    e-mail: leonardo@morphus.com.br
    site: http://www.morphus.com.br
    
