|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12021] Linux VServer procfs Permission Weakness
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Jul 06 2004 - 09:08:21 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Linux VServer procfs Permission Weakness
SECUNIA ADVISORY ID:
SA12021
VERIFY ADVISORY:
http://secunia.com/advisories/12021/
CRITICAL:
Not critical
IMPACT:
Exposure of sensitive information, DoS
WHERE:
Local system
SOFTWARE:
Linux VServer 1.x
http://secunia.com/product/2983/
DESCRIPTION:
Veit Wahlich has reported a weakness in Linux VServer, which can be
exploited by certain malicious, local users to cause a DoS (Denial of
Service) or gain knowledge of sensitive information.
The vulnerability is caused due to weak permissions on procfs, which
allows a privileged user on a virtual server to manipulate the
permissions on "/proc" for all virtual servers or gain knowledge of
information related to other virtual servers.
The vulnerability has been reported in the following versions:
* 1.27 and prior (Linux 2.4 stable branch)
* 1.3.9 and prior (Linux 2.4 devel branch)
* 1.9.1 and prior (Linux 2.6 devel branch)
SOLUTION:
Update to version 1.28.
http://www.13thfloor.at/vserver/s_release/v1.28/
PROVIDED AND/OR DISCOVERED BY:
Veit Wahlich
ORIGINAL ADVISORY:
http://ircnet.de/article.shtml?vsproc
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]