[ale] glibc vulnerability

Michael Trausch mike at trausch.us
Thu Jan 29 14:25:47 EST 2015


Indeed. I used the little utility to check everything and made sure it was all good and moved on.

I would expect things like mail servers and PBXes to be the targets here. Those have the things in their process scopes that are useful to attackers, and are often forgotten about in many infrastructures (the PBXes particularly).


> On Jan 29, 2015, at 11:46 AM, Phil Turmel <philip at turmel.org> wrote:
> 
>> On 01/28/2015 06:12 PM, Michael H. Warfield wrote:
>>> On Tue, 2015-01-27 at 17:57 -0500, Jim Kinney wrote:
>>>> On Tue, 2015-01-27 at 16:33 -0500, James Sumners wrote:
>>>> It's just getting ridiculous at this point.
>>> 
>>> Actually, no. It's about time that some of the core capabilities of
>>> Linux were put under the security microscope. This particular issue
>>> doesn't allow a root access but does allow access as the user running a
>>> vulnerable process. So turn on selinux while this is getting patched and
>>> privilege escalations are mostly moot.
>> 
>> It's also very difficult to exploit (in spite of the EXIM example /
>> PoC).  You can only overwrite a very limited number of bytes (4 bytes on
>> 32 bit machines and 8 bytes on 64 bit machines) and that's then just
>> beginning your challenges for full RCE.  Not impossible, but far
>> FAR from a walk in the park.  Yes, even NULL derefs can be exploited
>> and, once you have a reliable exploit, difficulty of exploitation goes
>> out the window in a heartbeat.
> 
> The microscope argument has merit IMHO, and for me, it prompted a
> rebuild of my personal mailserver.  That also prompted further
> introspection, as the mail archive restore from my offsite backup (@
> home) to my VPS took all day and most of the night.  Asymmetric
> bandwidth sucks.  New plan:  backup to another VPS at a different
> datacenter.
> 
> Phil