Launchpad has imported 9 comments from the remote bug at
https://bugzilla.kernel.org/show_bug.cgi?id=9924.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
Launchpad has imported 35 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=432251.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Changed in: centos
Importance: Unknown => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587
Title:
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
To manage notifications
Launchpad has imported 29 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=432229.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Changed in: mandriva
Importance: Unknown = Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587
Title:
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
--
ubuntu-bugs
** Changed in: linux
Importance: Unknown = High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587
Title:
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
--
ubuntu-bugs mailing list
No, I don't want to join at LinkedIn!
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Per Gentoo, it's now fixed in all releases.
** Changed in: gentoo
Importance: Unknown = Undecided
Bugwatch: Gentoo Bugzilla #209460 = None
Status: Confirmed = New
** Changed in: gentoo
Status: New = Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
** Changed in: gplcver (Ubuntu)
Status: New = Invalid
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Also affects: linux via
http://bugzilla.kernel.org/show_bug.cgi?id=9924
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
** Changed in: linux
Status: Unknown = Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Tags added: metabug
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Changed in: ubuntu
Sourcepackagename: linux-source-2.6.24 = None
Status: New = Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
linux (2.6.24-8.13) hardy; urgency=low
[Soren Hansen]
* Add missing iscsi modules to kernel udebs
[Stefan Bader]
* Lower message level for PCI memory and I/O allocation.
[Tim Gardner]
* Enabled IP_ADVANCED_ROUTER and IP_MULTIPLE_TABLES in sparc, hppa
- LP: #189560
* Compile
** Also affects: gplcver (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
Running Hardy Heron, Latest updates:
[EMAIL PROTECTED]:~$ uname -a
Linux ubuntu 2.6.24-7-generic #1 SMP Thu Feb 7 01:29:58 UTC 2008 i686 GNU/Linux
[EMAIL PROTECTED]:~$ whoami
kyle
[EMAIL PROTECTED]:~$ ./local
---
Linux vmsplice Local Root Exploit
By qaaz
** Changed in: debian
Status: Fix Committed = Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
** Changed in: mandriva
Status: In Progress = Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
** Changed in: centos
Status: Confirmed = Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
I also confirm this in Hardy.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
When will the fixe be upgraded in repositories (gutsy)?
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Fedora and Debian do not support as many releases as Ubuntu and thus the
time consumption to package and test if any regressions appear is longer
than for others.
But honestly, the time frame from the patches being published to having
security updates in Ubuntu was ~ 48 hours, which is good in my
I think that the number of supported releases should stay fairly static
as support for older releases is dropped. For example, Edgy is only
supported on the desktop until April, when Hardy is released.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
It seems to me that as the number of Ubuntu's supported releases
continues to grow, it's going to get harder for the development team to
verify bugs and get fixes out for all the supported versions. Aside from
reporting bugs and exploits, how can users with programming experience
assist with this?
My compliments for the fast response for this exploit. I have just one question
left about this exploit: I have just executed the proof-of-concept code
(http://www.milw0rm.com/exploits/5092) again with the updated kernel. Is there
no memory corruption at all with this new kernel version?
Or
On Tue, 2008-02-12 at 19:11 +, Adna rim wrote:
Means that there is an all or nothing policy? So even if the
i386-patch would have been created and tested it hadn't been released
before the patches for generic- and 64bit-kernels had been created and
released?
IIRC, the kernels are all put
On Tue, 2008-02-12 at 18:50 +, Martin Jürgens wrote:
But honestly, the time frame from the patches being published to
having security updates in Ubuntu was ~ 48 hours, which is good in my
opinion. Just compare it to once a month (granted that for such
critical bugs MS would probably do an
Thanks for the answer. Of course you are right, that 48h isn't that long
for a just local exploit. And of course any comparison with MS is surely
won by ubuntu :) I was just wondering why debian's updated kernel was so
many hours before ubuntu's released. The places to patch the kernel-
source
Thanks for the people who helped with fixing this bug! But I have a
question: why had fedora and debian already released a updated kernel
yesterday to fix this problem and why ubuntu just now with many hours
delay to the other great distributions? Did you have any problem apling
the debian-patch
Thanks for the people who helped with fixing this bug! But I have a
question: why had fedora and debian already released a updated kernel
yesterday to fix this problem and why ubuntu just now with many hours
delay to the other great distributions? Did you have any problem apling
the debian-patch
http://www.ubuntu.com/usn/usn-577-1
** Changed in: linux-source-2.6.17 (Ubuntu)
Assignee: Kees Cook (keescook) = Jamie Strandboge (jamie-strandboge)
Status: Fix Committed = Fix Released
** Changed in: linux-source-2.6.20 (Ubuntu)
Assignee: Kees Cook (keescook) = Jamie Strandboge
This bug was fixed in the package linux-source-2.6.22 - 2.6.22-14.52
---
linux-source-2.6.22 (2.6.22-14.52) gutsy-security; urgency=low
[Tim Gardner]
* splice: fix user pointer access in get_iovec_page_array()
(CVE-2008-0600)
- LP: #190587
-- Tim Gardner [EMAIL
The exploit does not seem to work on feisty:
$ gcc vmsplice.c -o vmsp
$ ./vmsp
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+]
** Changed in: mandriva
Status: Confirmed = In Progress
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
** Changed in: linux (Fedora)
Status: Fix Committed = Fix Released
** Changed in: centos
Status: Unknown = Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of
Tom, the present hotfix is dangerous. See http://lists.debian.org
/debian-kernel/2008/02/msg00387.html
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug
@Boglizk: Not run it as root.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Indeed, I ran the hotfix on my desktop last night (gutsy with latest
updates) and as soon as it finished, running programs began to crash.
I wasn't able to see any error messages to dmesg, but the system was
unstable enough that I had to reboot it. I would *not* recommend
running the hotfix.
--
Hi,
I was wondering how others are dealing with this, beyond the runtime patch on
bootup. It seems like a tossup between grabbing/patching kernel source and
waiting for the security update, does anyone know a rough eta on a safe gutsy
kernel package? Thanks for the help, this is new territory
Yes, a remote root exploit.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Kees - from what I can tell CVE-2008-0009 and CVE-2008-0010 affect only
2.6.23 through 2.6.24.1. CVE-2008-0600 affects 2.6.17 through 2.6.24.1.
Greg k-h:
It has been given CVE-2008-0600 to address this issue (09 and 10 only
affect .23 and .24 kernels, and have been fixed.)
We'll get all 3 CVEs
Duh. What about using the patch from the upstream?
https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/26
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member
Contrary to what I've been reading, I can confirm this on feisty, at
least with AMD processor:
[EMAIL PROTECTED]:~$ grep model name /proc/cpuinfo
model name : Dual-Core AMD Opteron(tm) Processor 2218
model name : Dual-Core AMD Opteron(tm) Processor 2218
model name : Dual-Core AMD
What about Gutsy, any update when the fix will be released?
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing
The fix for this vulnerability is in the 2.6.24.2 tree against which
Hardy was recently updated and is in the process of being packaged for
upload.
** Changed in: linux-source-2.6.17 (Ubuntu)
Status: In Progress = Fix Committed
** Changed in: linux-source-2.6.20 (Ubuntu)
Status: In
confirmed in gutsy 2.6.22-14-generic
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
** Also affects: centos via
https://bugzilla.redhat.com/show_bug.cgi?id=432251
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
** Changed in: linux (Fedora)
Status: Unknown = Fix Committed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
** Changed in: mandriva
Status: Unknown = Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing
** Changed in: gentoo
Status: Unknown = Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing
Why priority is high but no critical?
Is there a higher criticity than a root exploit in 3 seconds?
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug
On Tue, Feb 12, 2008 at 03:18:36AM -, Yuri wrote:
Contrary to what I've been reading, I can confirm this on feisty, at
least with AMD processor:
of course feisty is exploitable it works for 2.6.17-2.6.24.1 (and see
the summary of the bug, 2.6.20 is mentionned).
--
:wq
--
Local root
Seems to fail on this part:
if (!uid || !gid)
die([EMAIL PROTECTED], 0);
---
[EMAIL PROTECTED]:~$ gcc linux_vmsplice.c
[EMAIL PROTECTED]:~$ ./a.out
---
Linux vmsplice Local Root Exploit
By qaaz
---
** Changed in: debian
Status: Unknown = Fix Committed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing
Fixes for CVE-2008-0009, CVE-2008-0010:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8811930dc74a503415b35c4a79d14fb0b408a361
Fixes for CVE-2008-0600:
CVE-2008-0600 fixed in 2.6.22.18 [1,2]
[1] http://lkml.org/lkml/2008/2/11/27
[2]
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=af395d8632d0524be27d8774a1607e68bdb4dd7f
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
I can confirm this in Gutsy:
$ gcc exploit.c -o exploit
$ whoami
heikki
$ ./exploit
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
I confirm this in Hardy Heron
kernel 2.6.24-7-generic
--
Local root exploit in kernel 2.6.17 - 2.6.24
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
http://bugzilla.kernel.org/show_bug.cgi?id=9924
Also able to confirm on Hardy.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0009
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0010
--
Local root exploit in kernel 2.6.17 - 2.6.24
Confirm on Gutsy:
[EMAIL PROTECTED]:~$ gcc exploit2.c -o exploit2
[EMAIL PROTECTED]:~$ ./exploit2
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+]
** Bug watch added: Debian Bug tracker #464953
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953
** Also affects: debian via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24
** Changed in: ubuntu
Importance: Undecided = Critical
--
Local root exploit in kernel 2.6.17 - 2.6.24
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
actually the bug exploitable from 2.6.17-2.6.24 is CVE-2008-0600.
CVE-2008-0009/10 only affect
.23 and .24 (so only hardy is affected)
see http://lkml.org/lkml/2008/2/10/177 for details
(btw this bug is pretty scary, it works almost anywhere you can have a
shell...)
** CVE added:
** Changed in: linux-source-2.6.22 (Ubuntu)
Sourcepackagename: None = linux-source-2.6.22
** Also affects: linux-source-2.6.24 (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24
https://bugs.launchpad.net/bugs/190587
You received this bug
Confirmed in Hardy - 2.6.24
** Changed in: linux (Ubuntu)
Sourcepackagename: linux-source-2.6.24 = linux
Importance: Undecided = Critical
Status: New = Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24
https://bugs.launchpad.net/bugs/190587
You received this bug notification
I confirm that on hardy and gutsy. I also confirm that the hotfix
referenced in debian bugreport http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=464953 which sets the first byte of sys_vmsplice
to RET in /dev/mem ( http://www.ping.uio.no/~mortehu/disable-vmsplice-
if-exploitable.c ) works and
** Bug watch added: Red Hat Bugzilla #432229
https://bugzilla.redhat.com/show_bug.cgi?id=432229
** Also affects: linux (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=432229
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
RHEL tracker is at: https://bugzilla.redhat.com/show_bug.cgi?id=432251
but LP won't allow adding a second entry (in addition to the one for
Fedora).
** Summary changed:
- Local root exploit in kernel 2.6.17 - 2.6.24
+ Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
--
Local root
Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of
Confirmed in Gutsy. Kernel 2.6.22-14-generic
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Gutsy/amd64 is affected too.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Confirmed on feisty AMD64 (i386 isn't affected, AMD64 is).
** Also affects: linux-source-2.6.20 (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you
I also confirm that suggested hotfix fixes the problem until next
reboot, of course.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
[EMAIL PROTECTED]:~/bin$ gcc exploitsrv.c -o exploitsrv
[EMAIL PROTECTED]:~/bin$ whoami
steve
[EMAIL PROTECTED]:~/bin$ ./exploitsrv
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page:
Luis Alcaraz (Mexico)
Confirmed on Ubuntu 7.10 2.6.22-14-generic
---
[EMAIL PROTECTED]:~$ vim exploit.c
[EMAIL PROTECTED]:~$ gcc exploit.c -o exploit
[EMAIL PROTECTED]:~$ whoami
lalcaraz
[EMAIL PROTECTED]:~$ ./exploit
---
Linux vmsplice Local Root Exploit
By qaaz
The Security Team is working on getting the fix built up. We should
have updated kernels available shortly.
** Also affects: linux-source-2.6.17 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux-source-2.6.17 (Ubuntu)
Importance: Undecided = Critical
Assignee:
Hi guys,
Just got a question in regards to the above theory, you have mentioned
that kernel 2.6.17-2.6.24 is affected whereas a normal user have the
ability to login as root with no password and sudo command,so my
question here is that I have two version of Kernel on two separate
machines
For record, Dapper (2.6.15) is not affected.
Also, CVEs for these issues are:
CVE-2008-0009 (2.6.22+), CVE-2008-0010 (2.6.17+ -- see get_iovec_page_array
prior to 2.6.22), CVE-2008-0600 (2.6.17+).
** Changed in: linux-source-2.6.15 (Ubuntu)
Status: New = Invalid
--
Local root exploit
Hi,
This doesn't work, because it still creates a DoS condition when it
alters your memory map.
On Mon, 2008-02-11 at 07:08 +, slasher-fun wrote:
Temporary fix :
* Download http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
* Compile it using gcc (so gcc
Just some corrections to my previous post :
Line 4 :
* Compile it using gcc (so gcc disable-vmsplice-if-exploitable.c -o
rm_exploit without the quotes) as normal user
Line 5 :
* Run it as normal user (./rm_exploit without the quotes)
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
Thanks Ante,
How did you test kernel 2.6.15 I have a machine here with kernel 2.6.16 and
might test on it
On Feb 11, 2008 5:47 PM, Ante Karamatić [EMAIL PROTECTED] wrote:
Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
shouldn't be affected.
--
Local root exploit in kernel
Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
shouldn't be affected.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
** Bug watch added: Mandriva Linux #37678
http://qa.mandriva.com/show_bug.cgi?id=37678
** Also affects: mandriva via
http://qa.mandriva.com/show_bug.cgi?id=37678
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
2008/2/11 Fadi Kaba [EMAIL PROTECTED]:
Thanks Ante,
How did you test kernel 2.6.15 I have a machine here with kernel 2.6.16and
might test on it
On Feb 11, 2008 5:47 PM, Ante Karamatić [EMAIL PROTECTED] wrote:
Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
shouldn't
Temporary fix :
* Download http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
* Compile it using gcc (so gcc disable-vmsplice-if-exploitable.c -o
rm_exploit) as normal user
* Run it as normal user
-- You are now protected until the next reboot of the system
--
Local root exploit
** Also affects: linux-source-2.6.15 (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
86 matches
Mail list logo