[ale] glibc vulnerability
Phil Turmel
philip at turmel.org
Thu Jan 29 11:46:40 EST 2015
On 01/28/2015 06:12 PM, Michael H. Warfield wrote:
> On Tue, 2015-01-27 at 17:57 -0500, Jim Kinney wrote:
>> On Tue, 2015-01-27 at 16:33 -0500, James Sumners wrote:
>>> It's just getting ridiculous at this point.
>>
>> Actually, no. It's about time that some of the core capabilities of
>> Linux were put under the security microscope. This particular issue
>> doesn't allow a root access but does allow access as the user running a
>> vulnerable process. So turn on selinux while this is getting patched and
>> privilege escalations are mostly moot.
>
> It's also very difficult to exploit (in spite of the EXIM example /
> PoC). You can only overwrite a very limited number of bytes (4 bytes on
> 32 bit machines and 8 bytes on 64 bit machines) and that's then just
> beginning your challenges for full RCE. Not impossible, but far
> FAR from a walk in the park. Yes, even NULL derefs can be exploited
> and, once you have a reliable exploit, difficulty of exploitation goes
> out the window in a heartbeat.

The microscope argument has merit IMHO, and for me, it prompted a
rebuild of my personal mailserver. That also prompted further
introspection, as the mail archive restore from my offsite backup (@
home) to my VPS took all day and most of the night. Asymmetric
bandwidth sucks. New plan: backup to another VPS at a different
datacenter.

Phil