[opensuse] An unsafe bug in the Kernels after 2.6.17.
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily. This is the test in my machine:

kermit@linux-myt:~/Programming/C> id
uid=1000(kermit) gid=100(users) groups=16(dialout),33(video),100(users),1111(vboxusers)
kermit@linux-myt:~/Programming/C> ./vmtest
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ed3000 .. 0xb7f05000
[+] root
linux-myt:~/Programming/C # id
uid=0(root) gid=0(root) groups=16(dialout),33(video),100(users),1111(vboxusers)
linux-myt:~/Programming/C # uname -r
2.6.22.5-31-default
linux-myt:~/Programming/C #

In Kernel 2.6.24, this bug also exists. This bug has been repaired, you can get the information from the following link:
http://lkml.org/lkml/2008/2/10/118

The following stable editions are for this bug:
2.6.24.2 http://lkml.org/lkml/2008/2/11/17
2.6.23.16 http://lkml.org/lkml/2008/2/11/19
2.6.22.18 http://lkml.org/lkml/2008/2/11/27

Repair our system, please.

By the way, using the following code, you can test your system whether this bug exists:
http://www.milw0rm.com/exploits/5092

Kind regards
kermit
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 12 February 2008 20:03:46 Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily.
The fixed kernel has already been released through online update

Anders
--
Madness takes its toll
Anders Johansson wrote:
On Tuesday 12 February 2008 20:03:46 Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily.
The fixed kernel has already been released through online update
Oh, I'm sorry that I haven't turned on the online update, so I don't know.
kermit
Anders
Kermit Mei wrote:
Anders Johansson wrote:
On Tuesday 12 February 2008 20:03:46 Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily.
The fixed kernel has already been released through online update
Oh, I'm sorry that I haven't turned on the online update, so I don't know.
kermit
Anders
I run the "Online Update" of yast2 and no update appears... do you know why? I have this:
nautilus:~ # uname -a
Linux nautilus 2.6.22.5-31-default #1 SMP 2007/09/21 22:29:00 UTC i686 i686 i386 GNU/Linux
thank you...

Mail scanned for viruses
Subdireccion de Tecnologia de la Informacion del ISSSTE
On Tuesday 12 February 2008 01:25:03 pm Victor Antonio Chávez de Anda wrote:
Kermit Mei wrote:
Anders Johansson wrote:
On Tuesday 12 February 2008 20:03:46 Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily.
The fixed kernel has already been released through online update
Oh, I'm sorry that I haven't turned on the online update, so I don't know.
kermit
Anders
I run the "Online Update" of yast2 and no update appears... do you know why? I have this:
nautilus:~ # uname -a
Linux nautilus 2.6.22.5-31-default #1 SMP 2007/09/21 22:29:00 UTC i686 i686 i386 GNU/Linux
thank you...
That is kernel delivered on CD/DVD.
Try first to add update repository:
zypper addrepo http://download.opensuse.org/update/10.3/ Update
then go to YOU (YaST Online Update) and see for updates.
--
Regards, Rajko.
See http://en.opensuse.org/Portal
On Tue, 12 Feb 2008, Rajko M. wrote:-
Try first to add update repository:
zypper addrepo http://download.opensuse.org/update/10.3/ Update
then go to YOU (YaST Online Update) and see for updates.
Or, since he's using the console, just use:
zypper up

Regards,
David Bolt
--
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit | openSUSE 11.0a1
SUSE 10.1 64bit | openSUSE 10.2 64bit | openSUSE 10.3 64bit
RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11
That is kernel delivered on CD/DVD.
Try first to add update repository:
zypper addrepo http://download.opensuse.org/update/10.3/ Update
then go to YOU (YaST Online Update) and see for updates
All right, I do it, man, thank you very much. Sorry, maybe this is "typical" or "normal" for you, but I'm new in this excellent OS, please, be patient :D I'm installing the new kernel and all those updates. Thanks for the help, good day
Welcome to the real world...
On Tuesday 12 February 2008 20:20, Kermit Mei wrote:
Anders Johansson wrote:
On Tuesday 12 February 2008 20:03:46 Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily.
The fixed kernel has already been released through online update
Oh, I'm sorry that I haven't turned on the online update, so I don't know.
And didn't you send this once before? And weren't you told that the fix was in the pipeline? Gees, give it a rest.

Mike
--
Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8
8:39pm up 181 days 1:11, 5 users, load average: 2.23, 2.23, 2.20
Mike wrote:
On Tuesday 12 February 2008 20:20, Kermit Mei wrote:
Anders Johansson wrote:
On Tuesday 12 February 2008 20:03:46 Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily.
The fixed kernel has already been released through online update
Oh, I'm sorry that I haven't turned on the online update, so I don't know.
And didn't you send this once before? And weren't you told that the fix was in the pipeline? Gees, give it a rest.
Mike
Hi, Mike, I haven't sent this before, maybe somebody sent it before. I think it must be that I haven't seen the thread about this before, and I'm sorry to trouble the others.
Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily. This is the test in my machine:
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ed3000 .. 0xb7f05000
[+] root
Yep, verified that 2.6.24.2 and 2.6.25-rc1 here do not have the problem:

lucy: /home/jjs (tty/dev/pts/0): bash: 1001 > ./a.out
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7dab000 .. 0xb7ddd000
[-] vmsplice: Bad address
lucy: /home/jjs (tty/dev/pts/0): bash: 1002 > uname -a
Linux lucy 2.6.24.2-default #1 SMP Mon Feb 11 11:15:10 PST 2008 i686 i686 i386 GNU/Linux
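
Added example, not part of any message in this thread: a shell function that compares a `uname -r` string with the fixed stable releases listed in the first message (2.6.24.2, 2.6.23.16, 2.6.22.18). Assumptions: the lower bound 2.6.17 comes from the subject line, series newer than 2.6.24 are treated as containing the mainline fix, and the names `classify`, `fixed_sublevel` and the result labels are made up here. A distribution kernel can carry the fix under an older upstream number, so "suspect" means check the package changelog or run the online update.

```shell
#!/bin/sh
# Added example (not from the thread). Compares upstream version numbers only;
# a distribution kernel may carry a backported fix under an older number.

# Fixed stable release of each series, as listed in the first message.
fixed_sublevel() {
    case "$1" in
        2.6.22) echo 18 ;;
        2.6.23) echo 16 ;;
        2.6.24) echo 2 ;;
        *)      echo "" ;;
    esac
}

# classify RELEASE -> old | fixed | suspect | unparsed
#   old:     before 2.6.17 (assumed lower bound, from the subject line)
#   fixed:   at or above the listed fix, or a series newer than 2.6.24
#   suspect: in range with no listed fix reached
classify() {
    ver=${1%%-*}                          # drop "-31-default", "-rc1", ...
    case "$ver" in ''|*[!0-9.]*) echo unparsed; return 0 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-}; sub=${4:-0}
    for n in "$major" "$minor" "$patch"; do
        [ -n "$n" ] || { echo unparsed; return 0; }
    done
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -gt 6 ]; }; then
        echo fixed; return 0
    fi
    if [ "$major" -lt 2 ] || [ "$minor" -lt 6 ] || [ "$patch" -lt 17 ]; then
        echo old; return 0
    fi
    [ "$patch" -le 24 ] || { echo fixed; return 0; }
    fix=$(fixed_sublevel "$major.$minor.$patch")
    if [ -n "$fix" ] && [ "$sub" -ge "$fix" ]; then
        echo fixed
    else
        echo suspect
    fi
}

# Release strings that appear in the thread, then the running kernel.
for r in 2.6.22.5-31-default 2.6.24.2-default 2.6.25-rc1 2.6.13 "$(uname -r)"; do
    printf '%-24s %s\n' "$r" "$(classify "$r")"
done
```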
participants (7)
- Anders Johansson
- David Bolt
- Kermit Mei
- Mike
- Rajko M.
- Sloan
- Victor Antonio Chávez de Anda