Tuesday, February 12, 2008

AppOS not vulnerable to local root exploit

This week started off with this local root exploit in Linux. Today we saw some patches from rPath, whose Linux distribution was vulnerable, like any other Linux system running 2.6.17 and later. Those customers have been vulnerable to this attack, which could potentially be deployed remotely through an insecure service running on the system. There are many different ways that this could easily be turned into a remote attack, even something as simple as weak passwords on a customer account. This might be okay for your box at home or that server in the lab that has no Internet access. For a business, though, requiring an upgrade and then a reboot, with the resulting downtime, to fix this is a serious matter.

While AppOS was running the vulnerable kernel, the exploit could not be used against AppOS thanks to the security mechanisms built into AppOS. Maybe I should refer to them as the severely paranoid security mechanisms. In fact, there was no way for a remote user to execute the exploit even if they had accessed a local user's account, as it could not be written to the system providing the services, thanks to the unique approach to chroot jails that AppOS uses. Our customers enjoyed the comfort of our zero-day attack protection. The kernel still has exploitable code, which is fixed with an AppOS update image. However, the severity is low, and not critical like it is with our competitors' solutions. Our customers can upgrade during their maintenance window, at their own leisure.
