Mailing List Archive: Linux: Kernel

kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Index | Next | Previous | View Threaded

ndenev at gmail

Feb 9, 2008, 10:04 PM

Post #1 of 3 (2556 views)
Permalink

kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Hi,

As the subject says the 2.6.24.1 is still vulnerable to the vmsplice
local root exploit.

[opa [at] tes tmp]$ uname -a
Linux tester 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown
[opa [at] tes tmp]$ ./vms

-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f56000 .. 0xb7f88000
[+] root
[root [at] tes tmp]#
[root [at] tes tmp]# id
uid=0(root) gid=0(root) groups=2033(opa)
[root [at] tes tmp]# uname -a
Linux test 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown

Is there any known fix/patch for this?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

w at 1wt

Feb 9, 2008, 10:32 PM

Post #2 of 3 (2437 views)
Permalink

Re: kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit [In reply to]

On Sun, Feb 10, 2008 at 08:04:35AM +0200, Niki Denev wrote:
> Hi,
>
> As the subject says the 2.6.24.1 is still vulnerable to the vmsplice
> local root exploit.

Yes indeed, that's quite bad. 2.6.24-git is still vulnerable too, and
also contains the fix :-(

CC'd Jens as he worked on the fix.

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

ndenev at gmail

Feb 9, 2008, 10:38 PM

Post #3 of 3 (2441 views)
Permalink

Re: kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit [In reply to]

On Feb 10, 2008 8:32 AM, Willy Tarreau <w [at] 1wt> wrote:
> On Sun, Feb 10, 2008 at 08:04:35AM +0200, Niki Denev wrote:
> > Hi,
> >
> > As the subject says the 2.6.24.1 is still vulnerable to the vmsplice
> > local root exploit.
>
> Yes indeed, that's quite bad. 2.6.24-git is still vulnerable too, and
> also contains the fix :-(
>
> CC'd Jens as he worked on the fix.
>
> Willy
>
>

I was unable to gain root on 2.6.24-git20
but after several segfaults when executing the exploit continously
the machine crashes.

--Niki
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com