CVE-2016-0728

[soban]

I tested on lxc (on Virtual Machine [CT]) this exploit https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f

user@host:~$ uname -a
Linux host-soban 4.2.6-1-pve #1 SMP Sun Jan 10 15:21:19 CET 2016 x86_64 GNU/Linux
user@host:~$ cat /etc/issue
Debian GNU/Linux 8 \n \l

and crash all server. Can I send that to support?

 

[wolfgang]

Hi,

we know of this cve.

I opened a bug in the bugzilla.
see https://bugzilla.proxmox.com/show_bug.cgi?id=874

When the patches arrived in the kernel we will add this in our kernel

 

[soban]

Thank you

 

[wolfgang]

We have fixed it and we will roll out the pacht soon.
For kernel 3.10 and 4.2.

 

[soban]

OK, thank for Your professional support.

 

[tom]

we already uploaded a 4.2 kernel and a 3.10.0-16 with the fix, please test.
(currently in pvetest and pve-no-subscription)

 

[soban]

$ ./cve-2016 PP1
uid=1001, euid=1001
Increfing...
finished increfing
forking...
finished forking
caling revoke...
uid=1001, euid=1001
$ whoami
soban

OK, server don't crash and work all fine.
I made update kernel:
uname -a
Linux host-soban 4.2.6-1-pve #1 SMP Thu Jan 21 09:34:06 CET 2016 x86_64 GNU/Linux

Thank for you support!