Uploaded image for project: 'OpenVZ'
  1. OpenVZ
  2. OVZ-6296

CVE-2015-2925 affects EL6-based openvz kernel with simfs-based containers

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Fix Version/s: OpenVZ-legacy
    • Component/s: Containers::Kernel
    • Security Level: Public
    • Environment:
      Operating System: RHEL/CentOS 6
      Platform: All

      Description

      IRC nick TheJH reported in the #openvz IRC channel on June 10th... that CVE-2015-2925 affects the EL6-based OpenVZ kernel with simfs-based containers... and that it is trival to modify files on the host system (thinks like /etc/shadow). Red Hat doesn't seem interested in fixing this bug as seen here:

      https://access.redhat.com/security/cve/CVE-2015-2925

      They say it affects their EL6 and EL7 kernels and that.. "Future kernel updates for Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2 may address this issue."

      I'm guessing it is going to take OpenVZ intervention to get this bug fixed in the OpenVZ kernel.

      Luckily all of my containers are using ploop-based storage which, so far as we know, are not affected by this bug.

        Activity

        Hide
        dowdle@montanalinux.org Scott Dowdle added a comment -

        I installed the provided updated kernel packages, rebooted, and then tried the simple exploit commands listed in comment 3... and they no longer worked.

        Hopefully Jann Horn can try out out the updated packages to see if any additional aspects/tactics beyond the commands listed in comment 3 (assuming there are some)... and see if the exploit is twarted.

        Show
        dowdle@montanalinux.org Scott Dowdle added a comment - I installed the provided updated kernel packages, rebooted, and then tried the simple exploit commands listed in comment 3... and they no longer worked. Hopefully Jann Horn can try out out the updated packages to see if any additional aspects/tactics beyond the commands listed in comment 3 (assuming there are some)... and see if the exploit is twarted.
        Hide
        kir Kir Kolyshkin added a comment -
        Show
        kir Kir Kolyshkin added a comment - Published to RHEL6-test branch: https://openvz.org/Download/kernel/rhel6-testing/042stab108.3
        Hide
        vvs Vasily Averin added a comment -

        Attachment linux-2.6.18-406.el5.028stab119.1-owl-CVE-2015-2925.diff has been added with description: Patch from Solar Designer for rh5-based kernels

        Show
        vvs Vasily Averin added a comment - Attachment linux-2.6.18-406.el5.028stab119.1-owl-CVE-2015-2925.diff has been added with description: Patch from Solar Designer for rh5-based kernels
        Hide
        vvs Vasily Averin added a comment -

        Solar Designer reports that issue affects RH5-based kernels too.

        His patch was included into 2.6.18-028stab119.2 kernel
        minimal set of RPM packers was uploaded to
        http://fe.parallels.com/b1088a6abb310feef4de61520affdc19/

        Show
        vvs Vasily Averin added a comment - Solar Designer reports that issue affects RH5-based kernels too. His patch was included into 2.6.18-028stab119.2 kernel minimal set of RPM packers was uploaded to http://fe.parallels.com/b1088a6abb310feef4de61520affdc19/
        Hide
        sergeyb Sergey Bronnikov (Inactive) added a comment -
        Show
        sergeyb Sergey Bronnikov (Inactive) added a comment - Published to RHEL5-test branch: http://openvz.org/Download/kernel/rhel5-testing/028stab119.2

          People

          • Assignee:
            vvs Vasily Averin
            Reporter:
            dowdle@montanalinux.org Scott Dowdle
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: