Red Hat Bugzilla – Bug 20833
halt script allows remote DoS
Last modified: 2014-03-16 22:17:14 EDT
The halt script performs the same actions as "shutdown -h now". The
shutdown script can only be run by root. The halt script, which points
to /usr/bin/consolehelper allows a remote, unprivledged user to execute
the halt command, thus halting the machine. This is an explotable DoS
attack, for any RedHat machine that allows remote shell access. This is
the default installation of RedHat 7.0.
This has nothing to do with console-tools, reassigning...
Also, I think the default setting is to let only local users shut down the system.
Sorry for the console-tools assignment, that was a guess. I just tested this
on a RedHat 7.0 box with a normal user (ie., no special group perms, etc.) from
a simple telnet session and I was able to halt the remote box. My original
assumption was that this was only for console users as well, but it turns out
that it is remote exploitable.
Do you have the latest usermode errata (1.37) installed? I can't reproduce this
problem with all of the current errata, although it was possible prior to one of
the usermode errata updates.
The usermode 1.37 errata fixes the problem. The description for the patch says
nothing specific that would have lead me to believe that it fixed this
problem. It does mention that it fixes a "potential" security problem in
userhelper, but I don't know if this is what was meant. Thanks for the help.
OK, resolving as fixed in the errata release.