Package: linux-image-2.6.26-2-686
Version: 2.6.26-17lenny2
Severity: critical
Tags: security
Justification: root security hole
Hi,
according to http://www.debian.org/security/2009/dsa-1862 this version of the 2.6.26-2 kernel should not be vulnerable to CVE-2009-2692.
Unfortunately I'm still able to break my system:
c...@server:~$ gcc exploit.c -o exploit
c...@server:~$ ./exploit
sh-3.2# id
uid=0(root) gid=0(root) groups=115(wheel),1000(chs)
I got the exploit from http://www.risesecurity.org/exploits/linux-sendpage.c
Correct me if I got something wrong, but according to my understanding this shouldn't be possible with version 2.6.26-17lenny2.
regards,
Christoph Siess
-- Package-specific info:
** Version:
Linux version 2.6.26-2-686 (Debian 2.6.26-17lenny1) (da...@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Sun Jul 26 21:25:33 UTC 2009
** Command line:
auto BOOT_IMAGE=Standardkernel ro root=902
** Tainted: G D (128)
** Kernel log:
[4.392639] raid1: raid set md1 active with 2 out of 2 mirrors
[4.440919] md: bindsdb1
[4.441162] md: bindsda1
[4.453869] raid1: raid set md0 active with 2 out of 2 mirrors
[4.569076] device-mapper: uevent: version 1.0.3
[4.569839] device-mapper: ioctl: 4.13.0-ioctl (2007-10-18) initialised: dm-de...@redhat.com
[4.710503] kjournald starting. Commit interval 5 seconds
[4.710570] EXT3-fs: mounted filesystem with ordered data mode.
[6.096023] udevd version 125 started
[6.723961] Linux agpgart interface v0.103
[6.732652] agpgart: Detected AGP bridge 0
[6.736548] agpgart: AGP aperture is 128M @ 0xe800
[6.930466] input: Power Button (FF) as /class/input/input1
[6.956346] ACPI: Power Button (FF) [PWRF]
[6.956458] input: Power Button (CM) as /class/input/input2
[6.990298] ACPI: Power Button (CM) [PWRB]
[7.195482] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[7.201614] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[7.802580] input: PC Speaker as /class/input/input3
[7.808578] Error: Driver 'pcspkr' is already registered, aborting...
[7.980620] parport_pc 00:0b: reported by Plug and Play ACPI
[7.980731] parport0: PC-style at 0x378, irq 7 [PCSPP]
[8.537383] Adding 4200888k swap on /dev/md0. Priority:-1 extents:1 across:4200888k
[8.572363] EXT3 FS on md2, internal journal
[9.341152] loop: module loaded
[9.434061] md: md5 stopped.
[9.434236] md: md4 stopped.
[ 10.157164] kjournald starting. Commit interval 5 seconds
[ 10.166578] EXT3 FS on md1, internal journal
[ 10.166578] EXT3-fs: mounted filesystem with ordered data mode.
[ 10.189392] kjournald starting. Commit interval 5 seconds
[ 10.246160] EXT3 FS on dm-0, internal journal
[ 10.246160] EXT3-fs: mounted filesystem with ordered data mode.
[ 10.296703] kjournald starting. Commit interval 5 seconds
[ 10.300344] EXT3 FS on dm-1, internal journal
[ 10.300441] EXT3-fs: mounted filesystem with ordered data mode.
[ 11.960656] NET: Registered protocol family 10
[ 11.961204] lo: Disabled Privacy Extensions
[ 12.062284] r8169: eth1: link up
[ 12.514199] r8169: eth0: link up
[ 13.526856] RPC: Registered udp transport module.
[ 13.526927] RPC: Registered tcp transport module.
[ 13.682438] Installing knfsd (copyright (C) 1996 o...@monad.swb.de).
[ 14.918450] OCFS2 Node Manager 1.5.0
[ 14.925701] OCFS2 DLM 1.5.0
[ 14.925701] ocfs2: Registered cluster interface o2cb
[ 14.941711] OCFS2 DLMFS 1.5.0
[ 14.942425] OCFS2 User DLM kernel interface loaded
[ 22.808015] eth1: no IPv6 routers present
[ 23.460010] eth0: no IPv6 routers present
[ 28.964019] IPVS: Registered protocols (TCP, UDP, AH, ESP)
[ 28.964019] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[ 28.964019] IPVS: ipvs loaded.
[ 29.016651] IPVS: [wrr] scheduler registered.
[ 30.018284] Loading iSCSI transport class v2.0-869.
[ 30.086996] iscsi: registered transport (tcp)
[ 30.392917] iscsi: registered transport (iser)
[ 34.715139] warning: `ntpd' uses 32-bit capabilities (legacy support in use)
[ 45.746869] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 352.366693] Bluetooth: Core ver 2.11
[ 352.369727] NET: Registered protocol family 31
[ 352.369789] Bluetooth: HCI device and connection manager initialized
[ 352.369849] Bluetooth: HCI socket layer initialized
[ 352.400930] Bluetooth: L2CAP ver 2.9
[ 352.400992] Bluetooth: L2CAP socket layer initialized
[ 377.416156] general protection fault: [#1] SMP
[ 377.416298] Modules linked in: l2cap bluetooth xt_multiport iptable_filter ip_tables x_tables ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi scsi_transport_iscsi ip_vs_wrr ip_vs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs nfsd auth_rpcgss exportfs nfs lockd nfs_acl sunrpc ipv6 loop parport_pc parport pcspkr snd_pcm snd_timer snd soundcore