On Tue, 2010-09-21 at 09:51 -0500, Robert G. (Doc) Savage wrote:
> I was expecting to see something similar to the output I got for
> the F13 kernel:
>
> $$$ Kernel release: 2.6.34.6-54.fc13.x86_64
> !!! Could not find symbol: per_cpu__current_task
>
> A symbol required by the published exploit for CVE-2010-3081 is
> not provided by your kernel. The exploit would not work on your
> system.
>
> Thoughts?

The exploit is caused by a failure to correctly check the access and range (for potential underflow) of a value passed to the kernel from userspace. It's a classical exploit and it was fixed promptly.

The message you are getting above is different. All kernels provide a number of "symbols", which are exported functions available for use by drivers and other loadable modules. The specific incarnation of the exploit that was being examined by the Ksplice tool looked for the per_cpu__current_task symbol (presumably as part of the kernel stack corruption exercise required for the exploit - I didn't check), which isn't available on some kernels. That doesn't mean they are not vulnerable to the compat exploit, just that they don't have this particular symbol exported.

Red Hat fixed the exploit without affecting which symbols were or were not exported by the RHEL5 kernel, because that was not the actual problem.

Again, Ksplice did a good job with a utility, but it is just a handy utility that helped some folks look to see if their systems might be exploited by one version of the exploit.

Does that help?

Jon.

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
