[ale] glibc vulnerability

Phil Turmel philip at turmel.org
Thu Jan 29 11:46:40 EST 2015


On 01/28/2015 06:12 PM, Michael H. Warfield wrote:
> On Tue, 2015-01-27 at 17:57 -0500, Jim Kinney wrote:
>> On Tue, 2015-01-27 at 16:33 -0500, James Sumners wrote:
>>> It's just getting ridiculous at this point.
>>
>> Actually, no. It's about time that some of the core capabilities of
>> Linux were put under the security microscope. This particular issue
>> doesn't allow a root access but does allow access as the user running a
>> vulnerable process. So turn on selinux while this is getting patched and
>> privilege escalations are mostly moot.
> 
> It's also very difficult to exploit (in spite of the EXIM example /
> PoC).  You can only overwrite a very limited number of bytes (4 bytes on
> 32 bit machines and 8 bytes on 64 bit machines) and that's then just
> beginning your challenges for full RCE.  Not impossible, but far
> FAR from a walk in the park.  Yes, even NULL derefs can be exploited
> and, once you have a reliable exploit, difficulty of exploitation goes
> out the window in a heartbeat.

The microscope argument has merit IMHO, and for me, it prompted a
rebuild of my personal mailserver.  That also prompted further
introspection, as the mail archive restore from my offsite backup (@
home) to my VPS took all day and most of the night.  Asymmetric
bandwidth sucks.  New plan:  backup to another VPS at a different
datacenter.

Phil

