On Mon, Sep 20, 2010 at 06:51:16PM -0400, Jon wrote: > > Package: linux-2.6 > Version: 2.6.32-23 > Justification: root security hole > Severity: critical > Tags: security > > > The changelog says the CVE-2010-3301 was fixed in this update: > * x86-64, compat (CVE-2010-3301): > - Retruncate rax after ia32 syscall entry tracing > - Test %rax for the syscall number, not %eax > > But a test of the exploit shows otherwise: > > n...@nobel:~(0)$ ./robert_you_suck > resolved symbol commit_creds to 0xffffffff8106914d > resolved symbol prepare_kernel_cred to 0xffffffff81069050 > mapping at 3f80000000 > UID 1000, EUID:1000 GID:100, EGID:100 > $
How so? UID 1000 isn't root... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
