oss-sec mailing list archives

Re: CVE-2014-7975: 0-day umount denial of service

From: rf () q-leap de
Date: Thu, 9 Oct 2014 13:06:02 +0200

"Andy" == Andy Lutomirski <luto () amacapital net> writes:


    Andy> I just screwed up and typoed my git send-email command, so
    Andy> there's now a publicly available exploit for a new umount bug.

    Andy> Fortunately this one isn't terribly serious, but it might be
    Andy> usable for more than just DoS if some daemon reacts poorly to
    Andy> being unable to write to the filesystem.

    Andy> http://thread.gmane.org/gmane.linux.kernel.stable/109312

Hmm, what damage is this supposed to do? I get (3.12.29):

ql-front-t:/dev/pts# /root/remount-exploit /dev
remount_ro, a DoS by Andy Lutomirski
remount-exploit: umount: Device or resource busy

Maybe you should specify what versions are supposed to be vulnerable

-- 
Roland

-------
http://www.q-leap.com / http://qlustar.com
          --- HPC / Storage / Cloud Linux Cluster OS ---

Current thread:

CVE-2014-7975: 0-day umount denial of service Andy Lutomirski (Oct 08)
- Re: CVE-2014-7975: 0-day umount denial of service rf (Oct 09)
  - Re: CVE-2014-7975: 0-day umount denial of service Andy Lutomirski (Oct 09)
    - Re: CVE-2014-7975: 0-day umount denial of service rf (Oct 10)