bilbrey Muse Root
Joined: 04 Apr 2002 Posts: 210 Location: Sunnyvale, CA, USA
Posted: Sun Jan 09, 2005 4:05 pm Post subject: Linux kernel vulnerability.
There's a local user vulnerability in the Linux kernel, 2.4.x and 2.6.x trees both. Marcelo Tosatti, 2.4 tree maintainer, has released 2.4.29-rc1, which contains a patch for the issue. A set of patches for the 2.6 tree appears to be forthcoming soon. Keep an eye on the kernel updates for your distro, or the progress on the next version of the kernel.org 2.6 tree if you roll your own, with intent to upgrade soon.
Please note that my reading shows that this is a local-user root-privilege exploit as has been frantically posted elsewhere. [I am trying to personally test this now, but can't get the exploit code to compile...] Had it come to light at the same time that the PHP Santy worm was doing its worst, boxen could have been defaced *and* owned.
The "responsible citizen" who sent the exploit and notification out says he sent first privately to Linus on December 15, then some group called PaX sent again to Linus and Andrew Morton on January 2. They then released the exploit publicly 5 days later, saying that enough time had passed for a reply and/or a patch, neither had happened, so he went public.
I might have done things a little differently, perhaps by including Alan Cox, Marcelo, and a couple of other key lieutenants in the initial warning, in hopes of better getting past Linus' well-known throw-them-all-away mailbox overload solution.
Next, I might have posted to LKML that I had done so, and described in general terms the possible effects of a public exploit of the vulnerability that I had described privately to those individuals. Then I could count on LKML followers and groupies to keep the heat on from there. But what is, is, and we can only move forward from here.
Opinions, errors of omission and fact are mine and mine alone. Wooo-Hooo!
bilbrey Muse Root
Joined: 04 Apr 2002 Posts: 210 Location: Sunnyvale, CA, USA
Posted: Sun Jan 09, 2005 9:06 pm Post subject: Re: Linux kernel vulnerability.
bilbrey wrote:
> [I am trying to personally test this now, but can't get the exploit code to compile...]

Okay. After adding a #define to the code it compiles. The exploit test code fails very, very quickly under the 2.4 kernel. No root privs gained. Under the 2.6 kernel, it brought the system to a crawl as it ate a bunch of RAM, and tried to acquire more, for about 5 minutes, then failed. Again, no root priv. problems. So, on a Debian Sarge system with latest distro kernel-image files for both 2.4 and 2.6, the posted exploit does no grave damage. Just a datapoint, nothing more.
_________________
Brian Bilbrey
http://www.orbdesigns.com
Linux: We own machines to build and test other people's software for free.
smahaffey Subscriber
Joined: 10 May 2002 Posts: 11 Location: Houston
Posted: Mon Jan 10, 2005 11:35 pm Post subject: Fedora Core 3 Has the 2.6 kernel patch
Just installed kernel 2.6.10-1.737_FC3, which came out today, I think.
Partial quote of what it fixes from FedoraNEWS.ORG: "CAN-2004-1235 Paul Starzetz from isec.pl found a problem in the binary format loaders uselib() function that could lead to potential privilege escalation."...which is, I think, the one that you are talking about.
I'm glad that I looked at this one: I run a nightly yum update but of course that won't reboot to the new kernel for me.
_________________
Steve
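
The gap noted in the last post (a nightly update installs the fixed kernel, but the host keeps running the old one until it is rebooted) can be checked for. The script below is an added example, not part of the thread: the function names and the sample versions other than 2.6.10-1.737_FC3 are constructed, and it assumes GNU `sort -V` is a close enough stand-in for rpm's version ordering.

```shell
#!/bin/sh
# Added example: detect "patched kernel installed but not booted".
# Live inputs on an RPM-based host would be:
#   running=$(uname -r)
#   installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel)
# Assumption: uname -r has the same VERSION-RELEASE form as the rpm query
# output (strip any arch or flavour suffix first if yours does not).

# Read version strings on stdin, print the highest one.
newest_version() { sort -V | tail -n 1; }

# reboot_pending RUNNING INSTALLED_LIST
# Returns 0 when the newest installed kernel sorts after the running one.
# A running kernel newer than every package (e.g. self-built) returns 1.
reboot_pending() {
    running=$1
    newest=$(printf '%s\n' "$2" | newest_version)
    [ "$running" != "$newest" ] &&
        [ "$(printf '%s\n%s\n' "$running" "$newest" | newest_version)" = "$newest" ]
}

# Constructed sample: an older kernel is still running after the update
# installed the fixed 2.6.10-1.737_FC3 package alongside it.
SAMPLE_RUNNING='2.6.9-1.667'
SAMPLE_INSTALLED='2.6.9-1.667
2.6.10-1.737_FC3'

if reboot_pending "$SAMPLE_RUNNING" "$SAMPLE_INSTALLED"; then
    echo "reboot pending: running $SAMPLE_RUNNING, a newer kernel is installed"
else
    echo "running kernel is the newest installed"
fi
```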