Fix for vmsplice exploit...

2008-02-13 Thread Alex Hewitt
Just after I turned on my Ubuntu 7.10 laptop this morning the update
manager informed me of a fix for the vmsplice exploit. The description:

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1
does not validate a certain userspace pointer before dereference, which
allows local users to gain root privileges via crafted arguments in a
vmsplice system call, a different vulnerability than CVE-2008-0009 and
CVE-2008-0010.

After rebooting I confirmed the fix by re-running the roothole program
which failed. The output:
~$ ./roothole
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d82000 .. 0xb7db4000
[-] vmsplice: Bad address
$


-Alex



___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: Fix for vmsplice exploit...

2008-02-13 Thread Shawn O'Shea
On 2/13/08, Ted Roche <[EMAIL PROTECTED]> wrote:
>
> Alex Hewitt wrote:
> > Just after I turned on my Ubuntu 7.10 laptop this morning the update
> > manager informed me of a fix for the vmsplice exploit. The description:
> >
>
> I saw the patch come in over the Red Hat Network for a couple of Red Hat
> systems we have subscriptions for, too. Nice to see such quick response
> time!
>
Johnny Hughes announced the availability of updated kernels for CentOS
today too.
http://lists.centos.org/pipermail/centos/2008-February/094314.html

-Shawn


Re: Fix for vmsplice exploit...

2008-02-13 Thread Mark Komarinski
On 02/13/2008 01:28 PM, Shawn O'Shea wrote:
> On 2/13/08, *Ted Roche* <[EMAIL PROTECTED]> wrote:
>
> > Alex Hewitt wrote:
> > > Just after I turned on my Ubuntu 7.10 laptop this morning the update
> > > manager informed me of a fix for the vmsplice exploit. The description:
> >
> > I saw the patch come in over the Red Hat Network for a couple of Red Hat
> > systems we have subscriptions for, too. Nice to see such quick response
> > time!
>
> Johnny Hughes announced the availability of updated kernels for CentOS
> today too.
> http://lists.centos.org/pipermail/centos/2008-February/094314.html

There's a module we're using that fixes a running kernel.

http://home.powertech.no/oystein/ptpatch2008/

The patch that made use of the exploit to patch caused two of our 
servers to crash.  The module has been working without issue *knock on 
wood*.

-Mark



Re: Fix for vmsplice exploit...

2008-02-13 Thread Ted Roche
Alex Hewitt wrote:
> Just after I turned on my Ubuntu 7.10 laptop this morning the update
> manager informed me of a fix for the vmsplice exploit. The description:
> 

I saw the patch come in over the Red Hat Network for a couple of Red Hat 
systems we have subscriptions for, too. Nice to see such quick response 
time!


Re: Fix for vmsplice exploit...

2008-02-13 Thread Sarunas
Ted Roche wrote:
> Alex Hewitt wrote:
>> Just after I turned on my Ubuntu 7.10 laptop this morning the update
>> manager informed me of a fix for the vmsplice exploit. The description:
>>
> 
> I saw the patch come in over the Red Hat Network for a couple of Red Hat 
> systems we have subscriptions for, too. Nice to see such quick response 
> time!

This is quick? Debian had updated kernels on Monday, mid-day.

Sarunas Burdulis
Sysadmin at DartMath



Re: Fix for vmsplice exploit...

2008-02-13 Thread Ben Scott
On Feb 13, 2008 8:17 PM, Sarunas <[EMAIL PROTECTED]> wrote:
> This is quick? Debian had updated kernels on Monday, mid-day.

  Pfft.  My favorite distro had updated kernels on Friday, before the
exploit was even discovered.

  And Emacs so totally kicks vi's butt.

-- Ben


Fwd: Fix for vmsplice exploit...

2008-02-13 Thread Bob King
On Feb 13, 2008 1:04 PM, Ted Roche <[EMAIL PROTECTED]> wrote:

> I saw the patch come in over the Red Hat Network for a couple of Red Hat
> systems we have subscriptions for, too. Nice to see such quick response
> time!


Fedora also. I also saw a fix for Mandriva announced as well. Nice to see
the FOSS community respond so quickly to an issue like this. Nice to know we
don't have to wait for "Patch Tuesday".


Re: Fix for vmsplice exploit...

2008-02-14 Thread amc
It's nice to see how fast the Gentoo developers patched the gentoo-sources.

From the gentoo.org home page:

Two major security flaws in the Linux kernel were reported last weekend. Both 
flaws have the same impact (root access for local users) and both exist within 
the vmsplice() system call, which was added to the kernel in 2.6.17. There is 
no configuration option to exclude vmsplice() so everyone is vulnerable. 

One of the security issues existed for the entire lifetime of vmsplice(), so 
any kernel version from 2.6.17 onwards is vulnerable. This was fixed in 
2.6.24.2, 2.6.23.16 and 2.6.22.18. It has been assigned the vulnerability 
identifier of CVE-2008-0600. 

The other security issue first appeared in 2.6.23. It was fixed in 2.6.23.15 
and 2.6.24.1. This vulnerability has been assigned CVE-2008-0009 and 
CVE-2008-0010. 

gentoo-sources-2.6.23-r8 and gentoo-sources-2.6.24-r2 were added to the tree 
Monday and include fixes for both issues. Install the latest gentoo-sources as 
quickly as possible. 

  - Original Message - 
  From: Bob King 
  To: GNHLUG 
  Sent: Wednesday, February 13, 2008 10:14 PM
  Subject: Fwd: Fix for vmsplice exploit...




  On Feb 13, 2008 1:04 PM, Ted Roche <[EMAIL PROTECTED]> wrote:

I saw the patch come in over the Red Hat Network for a couple of Red Hat
systems we have subscriptions for, too. Nice to see such quick response
time!

  Fedora also. I also saw a fix for Mandriva announced as well. Nice to see  
the FOSS community respond so quickly to an issue like this. Nice to know we 
don't have to wait for "Patch Tuesday".







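The version ranges in the Gentoo notice quoted above can be turned into a triage check for a kernel release string. This is an added example, not code from the thread or from any distribution; the function names and status labels are assumptions made here, and the sample release strings are constructed.

```python
import re

# Upstream figures quoted in the Gentoo notice: first affected release and,
# per stable branch, the first point release that carries the fix.
FIXES = {
    "CVE-2008-0600": {"introduced": (2, 6, 17),
                      "fixed": {(2, 6, 22): 18, (2, 6, 23): 16, (2, 6, 24): 2}},
    "CVE-2008-0009/0010": {"introduced": (2, 6, 23),
                           "fixed": {(2, 6, 23): 15, (2, 6, 24): 1}},
}

def parse_release(release):
    """Split a `uname -r` string into (branch, stable point release, vendor suffix?)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(.*)$", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    return branch, int(m.group(4) or 0), bool(m.group(5))

def assess(release):
    """Map each CVE to a status for the given kernel release string."""
    branch, stable, vendor = parse_release(release)
    report = {}
    for cve, info in FIXES.items():
        if branch < info["introduced"]:
            status = "not affected"
        elif branch > max(info["fixed"]):
            # Assumption: branches newer than those listed inherit the fix.
            status = "fixed"
        elif stable >= info["fixed"].get(branch, float("inf")):
            status = "fixed"
        else:
            status = "vulnerable"
        # Distro kernels backport fixes without changing the upstream number,
        # so a vendor-suffixed string cannot be judged by version alone.
        if vendor and status == "vulnerable":
            status = "check vendor advisory"
        report[cve] = status
    return report

if __name__ == "__main__":
    # Constructed sample release strings.
    for rel in ("2.6.24.1", "2.6.23.16", "2.6.22-14-generic", "2.6.16.60"):
        print(rel, assess(rel))
```

Pass it the output of `uname -r`; a "check vendor advisory" result means the package changelog or the distribution's security notice decides, not the version number.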


Re: Fix for vmsplice exploit...

2008-02-14 Thread Bill McGonigle
On Feb 13, 2008, at 20:29, Ben Scott wrote:

>   And Emacs so totally kicks vi's butt.

It's all about the butterflies, man.

   http://www.xkcd.com/378/

-Bill

-
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
[EMAIL PROTECTED]               Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf



Re: Fix for vmsplice exploit...

2008-02-14 Thread Ben Scott
On Thu, Feb 14, 2008 at 6:05 PM, Bill McGonigle <[EMAIL PROTECTED]> wrote:
> >   And Emacs so totally kicks vi's butt.
>
>  It's all about the butterflies, man.
>  http://www.xkcd.com/378/

  I prefer to just let the universe evolve to contain a disk with the
data I want.

-- Ben


Re: Fix for vmsplice exploit...

2008-02-15 Thread Bill Ricker
On Thu, Feb 14, 2008 at 6:09 PM, Ben Scott <[EMAIL PROTECTED]> wrote:
>   I prefer to just let the universe evolve to contain a disk with the
>  data I want.

Luckily, the wait only lasts 6 months each time ...
https://shipit.ubuntu.com/

-- 
Bill
[EMAIL PROTECTED] [EMAIL PROTECTED]