Thank you Vladislav,

I have tried just now per your suggestion and it seems that it works!

jfwright@linux-x0ou:~/Downloads> ./linux-rds-exploit
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Could not open socket.

Thank you very much!

Thanks,
James

On Thu, Oct 21, 2010 at 4:23 PM, Vladislav Kislyi <vladislav.kisliy@gmail.com> wrote:
Hello James! Did you try echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds ?
On 21 of October 2010 22:42:49 James Wright wrote:
Hello,
After reading about the RDS vulnerability identified by VSR Security <http://www.zdnet.com/blog/security/linux-kernel-vulnerability-coughs-up-superuser-rights/7509?tag=nl.e539>, I tested this out for myself by compiling the proof of concept. Here is the output of the test:

jfwright@linux-x0ou:~/Downloads> id
uid=1000(jfwright) gid=100(users) groups=16(dialout),20(cdrom),33(video),100(users),1000(vboxusers)
jfwright@linux-x0ou:~/Downloads> ./linux-rds-exploit
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved rds_proto_ops to 0xffffffffa0f5ee80
 [+] Resolved rds_ioctl to 0xffffffffa0f57000
 [+] Resolved commit_creds to 0xffffffff810785f0
 [+] Resolved prepare_kernel_cred to 0xffffffff81078790
[*] Overwriting function pointer...
[*] Triggering payload...
[*] Restoring function pointer...
[*] Got root!
linux-x0ou:~/Downloads> id
uid=0(root) gid=0(root)
As you can see it works. I then updated the kernel to:
Repository: @System
Name: kernel-desktop
Version: 2.6.34.7-0.4.1
Arch: x86_64
Vendor: openSUSE
Installed: Yes
Status: up-to-date
I have at least a few and possibly many machines that will require a security fix. Is there a planned release date for a security patch, and is there a known work around to prevent this from being exploited?
Thanks, James
-- Faithfully yours, Vladislav.
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
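Added example (not part of the original thread and not written by either poster): a shell function that audits whether the workaround discussed above is actually in effect on a host. The function name rds_autoload_status and its output labels are assumptions of this example; besides the thread's "alias net-pf-21 off" line it also accepts the "install rds /bin/true" form, which does not appear in the thread. It reports "ignored-suffix" when the directive sits in a file without a .conf extension, like the thread's /etc/modprobe.d/disable-rds, because current kmod reads only *.conf files there.

```shell
#!/bin/sh
# Audit whether autoloading of the RDS protocol family (net-pf-21) is disabled.
# Usage: rds_autoload_status [MODPROBE_DIR] [PROC_MODULES_FILE]
# Prints one of: loaded | blocked | ignored-suffix | open
# (function name and labels are hypothetical, chosen for this example)

RDS_BLOCK_RE='^[[:space:]]*(alias[[:space:]]+net-pf-21[[:space:]]+off|install[[:space:]]+(rds|net-pf-21)[[:space:]]+/bin/(true|false))[[:space:]]*$'

rds_autoload_status() {
    dir=${1:-/etc/modprobe.d}
    modules=${2:-/proc/modules}
    status=open

    # A config line does not unload a module that is already resident.
    if [ -r "$modules" ] && grep -Eq '^rds[[:space:]]' "$modules"; then
        echo loaded
        return 0
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Drop comments, then look for a blocking directive.
        sed 's/#.*//' "$f" | grep -Eq "$RDS_BLOCK_RE" || continue
        case $f in
            *.conf) echo blocked; return 0 ;;
            *) status=ignored-suffix ;;  # directive present, file skipped by kmod
        esac
    done
    echo "$status"
}

# Constructed demo: the thread's workaround file, first as posted, then renamed.
demo=$(mktemp -d)
echo 'alias net-pf-21 off' > "$demo/disable-rds"
rds_autoload_status "$demo" /dev/null    # ignored-suffix
mv "$demo/disable-rds" "$demo/disable-rds.conf"
rds_autoload_status "$demo" /dev/null    # blocked
rm -rf "$demo"
```

Called with no arguments it inspects /etc/modprobe.d and /proc/modules on the local machine; a result of "loaded" means the rds module is already resident and the config line alone does not remove it.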