Mailinglist Archive: opensuse-security (46 mails)

[Vladislav Kislyi <vladislav.kisliy@xxxxxxxxx>]

Hello James!
Did you try
echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds ?

On 21 of October 2010 22:42:49 James Wright wrote:
> Hello,
>
> After reading about the RDS vulnerability identified by VSR Security
> <http://www.zdnet.com/blog/security/linux-kernel-vulnerability-coughs-up-su
> peruser-rights/7509?tag=nl.e539>, I tested this out for myself by compiling
>  the proof of concept.  Here is the output of the test:
>
>
> jfwright@linux-x0ou:~/Downloads> id
> uid=1000(jfwright) gid=100(users)
> groups=16(dialout),20(cdrom),33(video),100(users),1000(vboxusers)
> jfwright@linux-x0ou:~/Downloads> ./linux-rds-exploit
> [*] Linux kernel >= 2.6.30 RDS socket exploit
> [*] by Dan Rosenberg
> [*] Resolving kernel addresses...
>  [+] Resolved rds_proto_ops to 0xffffffffa0f5ee80
>  [+] Resolved rds_ioctl to 0xffffffffa0f57000
>  [+] Resolved commit_creds to 0xffffffff810785f0
>  [+] Resolved prepare_kernel_cred to 0xffffffff81078790
> [*] Overwriting function pointer...
> [*] Triggering payload...
> [*] Restoring function pointer...
> [*] Got root!
> linux-x0ou:~/Downloads> id
> uid=0(root) gid=0(root)
>
>
> As you can see it works.  I then updated the kernel to:
>
>
> Repository: @System
> Name: kernel-desktop
> Version: 2.6.34.7-0.4.1
> Arch: x86_64
> Vendor: openSUSE
> Installed: Yes
> Status: up-to-date
>
>
> I have at least a few and possibly many machines that will require a
> security fix.  Is there a planned release date for a security patch,
> and is there a known work around to prevent this from being exploited?
>
>
> Thanks,
> James

-- 
Faithfully yours,  Vladislav.
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx