Date: Fri, 10 Oct 2014 12:46:41 +0200
From: rf@...eap.de
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-7975: 0-day umount denial of service

>>>>> "Andy" == Andy Lutomirski <luto@...capital.net> writes:

>> Andy> I just screwed up and typoed my git send-email command, so
>> Andy> there's now a publicly available exploit for a new umount bug.
>> Andy> Fortunately this one isn't terribly serious, but it might be
>> Andy> usable for more than just DoS if some daemon reacts poorly to
>> Andy> being unable to write to the filesystem.

>> Andy> http://thread.gmane.org/gmane.linux.kernel.stable/109312

>> Hmm, what damage is this supposed to do? I get (3.12.29):

>> ql-front-t:/dev/pts# /root/remount-exploit /dev
>> remount_ro, a DoS by Andy Lutomirski
>> remount-exploit: umount: Device or resource busy

>> Maybe you should specify what versions are supposed to be
>> vulnerable

Andy> The PoC does pretty much the same thing as

Andy> # mount -o remount,ro TARGET

Andy> but it doesn't require privilege to run.

Andy> Due to the way that Linux handles filesystem business, it is
Andy> unlikely to work on filesystems that have anything open for
Andy> writing. (It works on my Fedora system targeting /dev.) The
Andy> upshot is that it may be difficult to exploit in any
Andy> meaningful way on some systems.

Andy> It may also work more reliably against network filesystems.
Andy> I'm not really sure.

Andy> That output means that you're vulnerable. You would have
Andy> gotten something like "Permission denied" if you weren't
Andy> vulnerable.

Thanks for clarifying.

--
Roland

-------
http://www.q-leap.com / http://qlustar.com
--- HPC / Storage / Cloud Linux Cluster OS ---
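
A defender-side check for the effect discussed in this thread, added here as an example that is not part of the original post or the PoC: a filesystem that ends up read-only, as with `mount -o remount,ro`, shows as an rw-to-ro change in `/proc/self/mountinfo`. The function names and the two snapshots below are constructed for illustration.

```python
# Added example: flag mounts that went from read-write to read-only
# between two snapshots of /proc/self/mountinfo (format: see proc(5)).

# Constructed sample snapshots (not taken from a real host).
BEFORE = """\
24 0 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,data=ordered
19 24 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,size=8046360k,mode=755
40 24 8:3 / /srv/media ro,relatime shared:5 - ext4 /dev/sda3 ro
"""
AFTER = """\
24 0 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,data=ordered
19 24 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs ro,size=8046360k,mode=755
40 24 8:3 / /srv/media ro,relatime shared:5 - ext4 /dev/sda3 ro
"""

def parse_mountinfo(text):
    """Map mount point -> (per-mount read-only, superblock read-only)."""
    mounts = {}
    for line in text.splitlines():
        if " - " not in line:
            continue  # not a mountinfo record
        left, right = line.split(" - ", 1)
        lf, rf = left.split(), right.split()
        if len(lf) < 6 or len(rf) < 3:
            continue  # truncated record
        # lf[4] = mount point (spaces appear as \040), lf[5] = per-mount
        # options, rf[2] = superblock options. A stacked mount on the same
        # path overwrites the earlier entry, i.e. the visible one wins.
        mounts[lf[4]] = ("ro" in lf[5].split(","), "ro" in rf[2].split(","))
    return mounts

def flipped_to_ro(before, after):
    """Return [(mount point, level)] for mounts that were fully rw and are now ro."""
    old, new = parse_mountinfo(before), parse_mountinfo(after)
    hits = []
    for mp, (mnt_ro, sb_ro) in sorted(new.items()):
        if mp in old and not any(old[mp]) and (mnt_ro or sb_ro):
            hits.append((mp, "superblock" if sb_ro else "mount"))
    return hits

if __name__ == "__main__":
    for mp, level in flipped_to_ro(BEFORE, AFTER):
        print(f"ALERT: {mp} is now read-only at the {level} level")
```

On a live system, save the contents of `/proc/self/mountinfo` as a baseline and pass it with a fresh read to `flipped_to_ro()`.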