Jump to content


Photo

Netscaler and Dirty COW

Started by Mark Lininger , 24 October 2016 - 03:18 PM
7 replies to this topic

Best Answer Paul Blitz , 24 October 2016 - 05:03 PM

Looks like a Linux bug, so I can't seethat it will affect the Netscaler Kernel or the BSD.

Mark Lininger Members

Mark Lininger
  • 40 posts

Posted 24 October 2016 - 03:18 PM

Hi Everyone - 

I know that this is really early and we will hopefully hear from Citrix directly on this, but I was wondering if we can safely say that Netscaler isn't affected by this bug because it is BSD based?

 

Sources:

http://dirtycow.ninja/

https://www.engadget.com/2016/10/24/linux-exploit-gives-any-user-full-access-in-five-seconds/

 



Paul Blitz Members

Paul Blitz
  • 3,695 posts

Posted 24 October 2016 - 05:03 PM

Looks like a Linux bug, so I can't seethat it will affect the Netscaler Kernel or the BSD.


Best Answer

Ketil Gjerde Members

Ketil Gjerde
  • 31 posts

Posted 24 October 2016 - 05:49 PM

Except probably from NetScaler SDX, which is XenServer based, and as far as I know running linux kernel.
But of course you should not have untrusted users with shell access to your management network in the first place, which is a requirement for this privilege escalation.



Ketil Gjerde Members

Ketil Gjerde
  • 31 posts

Posted 26 October 2016 - 02:12 PM

A bit off topic, but how is NetScaler SDX a FreeBSD system?

# uname -a
Linux xxx 3.10.0+2 #1 SMP Tue Jun 23 10:05:26 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

 

# rpm -qa grep kernel
kernel-3.10.41-339.380429


Ross Bender Members

Ross Bender
  • 107 posts

Posted 26 October 2016 - 02:19 PM

Our SDX (11515) reports:

 

FreeBSD asc-sdx-pri 8.4-NETSCALER-11.0 FreeBSD 8.4-NETSCALER-11.0 #1: Wed Jul 13 21:46:38 PDT 2016     root@sjcpbsd8411.eng.citrite.net:/usr/obj/usr/home/build/rs_110_67_8_RTM/usr.src/sys/NSSVM  amd64

 

VPX instance on that SDX reports:

FreeBSD ASC-EMPL-NS01 8.4-NETSCALER-11.0 FreeBSD 8.4-NETSCALER-11.0 #0: Wed Jul 13 19:31:23 PDT 2016     root@sjcpbsd8410.eng.citrite.net:/usr/obj/usr/home/build/rs_110_67_8_RTM/usr.src/sys/NS64  amd64



Ketil Gjerde Members

Ketil Gjerde
  • 31 posts

Posted 26 October 2016 - 02:37 PM

Yes, but that is the Service VM which itself is a virtual instance on the XenServer.
So I guess if you see them both a part of the NetScaler SDX package, then it's one part Linux and one part FreeBSD? :)



Abhijith Chandrashekar Citrix Employees

Abhijith Chandrashekar
  • 3 posts

Posted 15 November 2016 - 09:35 PM

Please refer to the blog on this subject - https://www.citrix.com/blogs/2016/11/09/cve-2016-5195-dirty-cow-and-netscaler/



Paul Blitz Members

Paul Blitz
  • 3,695 posts

Posted 16 November 2016 - 10:08 AM

Netscaler SDX:

Xenserver itself is, as you say, linux-related

The SVM is a 64 bit Free BSD VM

Netscaler instances are Netscaler Kernel with a BSD shell within it.

 

Netscaler VPX / MPX are Netscaler Kernel with a BSD shell within it.