Re: CVE-2014-7975: 0-day umount denial of service

[rf () q-leap de]

> > > > > "Andy" == Andy Lutomirski <luto () amacapital net> writes:

    >> Andy> I just screwed up and typoed my git send-email command, so
    >> Andy> there's now a publicly available exploit for a new umount bug.

    >> Andy> Fortunately this one isn't terribly serious, but it might be
    >> Andy> usable for more than just DoS if some daemon reacts poorly to
    >> Andy> being unable to write to the filesystem.

    >> Andy> http://thread.gmane.org/gmane.linux.kernel.stable/109312

    >> Hmm, what damage is this supposed to do? I get (3.12.29):

    >> ql-front-t:/dev/pts# /root/remount-exploit /dev
    >> remount_ro, a DoS by Andy Lutomirski
    >> remount-exploit: umount: Device or resource busy

    >> Maybe you should specify what versions are supposed to be
    >> vulnerable

    Andy> The PoC does pretty much the same thing as

    Andy> # mount -o remount,ro TARGET

    Andy> but it doesn't require privilege to run.

    Andy> Due to the way that Linux handles filesystem business, it is
    Andy> unlikely to work on filesystems that have anything open for
    Andy> writing.  (It works on my Fedora system targetting /dev.)  The
    Andy> upshot is that it may be difficult to exploit in any
    Andy> meaningful way on some systems.

    Andy> It may also work more reliably against network filesystems.
    Andy> I'm not really sure.

    Andy> That output means that you're vulnerable.  You would have
    Andy> gotten something like "Permission denied" if you weren't
    Andy> vulnerable.

Thanks for clarifying.

-- 
Roland

-------
http://www.q-leap.com / http://qlustar.com
          --- HPC / Storage / Cloud Linux Cluster OS ---