Linux VServer Project CHRoot Breakout Vulnerability
BID:9596
Info
| Bugtraq ID: | 9596 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2005-4347, CVE-2004-2073 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 06 2004 12:00AM |
| Updated: | Jul 05 2016 10:21PM |
| Credit: | Discovery of this issue has been credited to Markus M?ller <[email protected]>. |
| Vulnerable: | VServer Linux-VServer 1.24, VServer Linux-VServer 1.23, VServer Linux-VServer 1.22, VServer Linux-VServer 1.21, VServer Linux-VServer 1.20, Debian Linux 3.1 sparc, Debian Linux 3.1 s/390, Debian Linux 3.1 ppc, Debian Linux 3.1 mipsel, Debian Linux 3.1 mips, Debian Linux 3.1 m68k, Debian Linux 3.1 ia-64, Debian Linux 3.1 ia-32, Debian Linux 3.1 hppa, Debian Linux 3.1 arm, Debian Linux 3.1 amd64, Debian Linux 3.1 alpha, Debian Linux 3.1 |
| Not Vulnerable: | VServer Linux-VServer 1.25 |
Discussion
VServer is reported prone to a breakout vulnerability that allows a malicious user to escape from the context of the chrooted root directory of the virtual server. This issue is due to the VServer application failing to secure itself against a "chroot-again" style vulnerability. Successful exploitation of this issue may allow an attacker to gain access to the filesystem outside of the chrooted root directory.
Exploit / POC
The following exploit has been provided:
Solution / Fix
Solution:
The vendor has released an upgrade dealing with this issue.
Debian GNU/Linux has discovered that their original patches to address this issue were incomplete. Debian has released an advisory and fixes to properly address this issue in the util-vserver package and in the Linux kernel version 2.4 vserver patch. Please see the referenced advisory and Debian bug references for more information.
VServer Linux-VServer 1.20, 1.21, 1.22, 1.23 and 1.24 (the same upgrades are listed for each version):
- VServer patch-2.4.24-vs1.25.diff.gz
  http://www.13thfloor.at/vserver/s_release/v1.25/patch-2.4.24-vs1.25.diff.gz
- VServer split-2.4.24-vs1.25.tar.gz
  http://www.13thfloor.at/vserver/s_release/v1.25/split-2.4.24-vs1.25.tar.gz
- VServer util-vserver-0.28-1mdk.i586.rpm
  http://www.13thfloor.at/vserver/s_release/v1.25/util-vserver-0.28-1mdk.i586.rpm
- VServer util-vserver-0.28.tar.bz2
  http://www.13thfloor.at/vserver/s_release/v1.25/util-vserver-0.28.tar.bz2
- VServer util-vserver-linuxconf-0.28-1mdk.i586.rpm
  http://www.13thfloor.at/vserver/s_release/v1.25/util-vserver-linuxconf-0.28-1mdk.i586.rpm
References
- Debian Bug report logs - #329087 (Debian)
- Debian Bug report logs - #329090 (Debian)
- VServer Home Page (VServer)
- Linux 2.4.24 with vserver 1.24 exploit (Markus M?ller)