Mailinglist Archive: opensuse-security (33 mails)

[opensuse-security] Possible local root exploit in the kernel
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Sun, 10 Feb 2008 23:41:44 +0100 (CET)
  • Message-id: <alpine.LSU.1.00.0802102329540.20224@xxxxxxxxxxxxxxxx>



Hi,

I post this on request of another lister from the Spanish mail list; I don't have personal knowledge of this problem. I would like to see comments on this.


The vulnerability allows a user to become root with any kernel newer than 2.6.17 with vmsplice compiled in. openSUSE 10.3 is affected. A remote attacker gaining access as an unprivileged user (flash hack?) could get root privileges.

Solutions:

- recompile kernel without vmsplice

- use dynamic patcher from <http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c>

it uses the exploit to patch the kernel in memory, disabling vmsplice.

Compile with cc -o disable-vmsplice-if-exploitable disable-vmsplice-if-exploitable.c

and run as user. It could be added to "/etc/rc.d/rc.local" till an update is made available.


----

That's all the information I have.

-- Cheers
