Launchpad has imported 9 comments from the remote bug at
https://bugzilla.kernel.org/show_bug.cgi?id=9924.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.l
Launchpad has imported 35 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=432251.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://hel
** Changed in: centos
Importance: Unknown => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587
Title:
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
To manage notifications
Launchpad has imported 29 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=432229.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://hel
** Changed in: mandriva
Importance: Unknown => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587
Title:
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
--
ubuntu-bugs mailin
** Changed in: linux
Importance: Unknown => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587
Title:
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
--
ubuntu-bugs mailing list
No, I don't want to join at LinkedIn!
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu
Per Gentoo, it's now fixed in all releases.
** Changed in: gentoo
Importance: Unknown => Undecided
Bugwatch: Gentoo Bugzilla #209460 => None
Status: Confirmed => New
** Changed in: gentoo
Status: New => Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplic
** Changed in: linux
Status: Unknown => Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ub
** Also affects: linux via
http://bugzilla.kernel.org/show_bug.cgi?id=9924
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs,
** Changed in: gplcver (Ubuntu)
Status: New => Invalid
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Tags added: metabug
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://li
** Changed in: ubuntu
Sourcepackagename: linux-source-2.6.24 => None
Status: New => Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
linux (2.6.24-8.13) hardy; urgency=low
[Soren Hansen]
* Add missing iscsi modules to kernel udebs
[Stefan Bader]
* Lower message level for PCI memory and I/O allocation.
[Tim Gardner]
* Enabled IP_ADVANCED_ROUTER and IP_MULTIPLE_TABLES in sparc, hppa
- LP: #189560
* Compile
** Also affects: gplcver (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubu
** Changed in: centos
Status: Confirmed => Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailin
** Changed in: mandriva
Status: In Progress => Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs ma
** Changed in: debian
Status: Fix Committed => Fix Released
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs ma
Running Hardy Heron, Latest updates:
[EMAIL PROTECTED]:~$ uname -a
Linux ubuntu 2.6.24-7-generic #1 SMP Thu Feb 7 01:29:58 UTC 2008 i686 GNU/Linux
[EMAIL PROTECTED]:~$ whoami
kyle
[EMAIL PROTECTED]:~$ ./local
---
Linux vmsplice Local Root Exploit
By qaaz
--
I think that the number of supported releases should stay fairly static
as support for older releases is dropped. For example, Edgy is only
supported on the desktop until April, when Hardy is released.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/1905
It seems to me that as the number of Ubuntu's supported releases
continues to grow, it's going to get harder for the development team to
verify bugs and get fixes out for all the supported versions. Aside from
reporting bugs and exploits, how can users with programming experience
assist with this?
My compliments for the fast response for this exploit. I have just one question
left about this exploit: I have just executed the proof-of-concept code
(http://www.milw0rm.com/exploits/5092) again with the updated kernel. Is there
no memory corruption at all with this new kernel version?
Or shou
On Tue, 2008-02-12 at 19:11 +, Adna rim wrote:
> Means that there is an all or nothing policy? So even if the
> i386-patch would have been created and tested it hadn't been released
> before the patches for generic- and 64bit-kernels had been created and
> released?
IIRC, the kernels are all p
On Tue, 2008-02-12 at 18:50 +, Martin Jürgens wrote:
> But honestly, the time frame from the patches being published to
> having security updates in Ubuntu was ~ 48 hours, which is good in my
> opinion. Just compare it to once a month (granted that for such
> critical bugs MS would probably do
Thanks for the answer. Of course you are right, that 48h isn't that long
for a just local exploit. And of course any comparison with MS is surely
won by ubuntu :) I was just wondering why debian's updated kernel was so
many hours before ubuntu's released. The places to patch the kernel-
source shou
Fedora and Debian do not support as many releases as Ubuntu and thus the
time consumption to package and test if any regressions appear is longer
than for others.
But honestly, the time frame from the patches being published to having
security updates in Ubuntu was ~ 48 hours, which is good in my
Thanks for the people who helped with fixing this bug! But I have a
question: why had fedora and debian already released a updated kernel
yesterday to fix this problem and why ubuntu just now with many hours
delay to the other great distributions? Did you have any problem apling
the debian-patch to
Thanks for the people who helped with fixing this bug! But I have a
question: why had fedora and debian already released a updated kernel
yesterday to fix this problem and why ubuntu just now with many hours
delay to the other great distributions? Did you have any problem apling
the debian-patch to
http://www.ubuntu.com/usn/usn-577-1
** Changed in: linux-source-2.6.17 (Ubuntu)
Assignee: Kees Cook (keescook) => Jamie Strandboge (jamie-strandboge)
Status: Fix Committed => Fix Released
** Changed in: linux-source-2.6.20 (Ubuntu)
Assignee: Kees Cook (keescook) => Jamie Strandbo
This bug was fixed in the package linux-source-2.6.22 - 2.6.22-14.52
---
linux-source-2.6.22 (2.6.22-14.52) gutsy-security; urgency=low
[Tim Gardner]
* splice: fix user pointer access in get_iovec_page_array()
(CVE-2008-0600)
- LP: #190587
-- Tim Gardner <[EMAIL PROTECT
** Changed in: linux (Fedora)
Status: Fix Committed => Fix Released
** Changed in: centos
Status: Unknown => Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ub
The exploit does not seem to work on feisty:
$ gcc vmsplice.c -o vmsp
$ ./vmsp
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] pag
** Changed in: mandriva
Status: Confirmed => In Progress
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs maili
When will the fixe be upgraded in repositories (gutsy)?
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
I also confirm this in Hardy.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.c
On Tue, Feb 12, 2008 at 03:18:36AM -, Yuri wrote:
> Contrary to what I've been reading, I can confirm this on feisty, at
> least with AMD processor:
of course feisty is exploitable it works for 2.6.17-2.6.24.1 (and see
the summary of the bug, 2.6.20 is mentionned).
--
:wq
--
Local root exp
Contrary to what I've been reading, I can confirm this on feisty, at
least with AMD processor:
[EMAIL PROTECTED]:~$ grep "model name" /proc/cpuinfo
model name : Dual-Core AMD Opteron(tm) Processor 2218
model name : Dual-Core AMD Opteron(tm) Processor 2218
model name : Dual-Core AMD
What about Gutsy, any update when the fix will be released?
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing l
The fix for this vulnerability is in the 2.6.24.2 tree against which
Hardy was recently updated and is in the process of being packaged for
upload.
** Changed in: linux-source-2.6.17 (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: linux-source-2.6.20 (Ubuntu)
Status: In
@Boglizk: Not run it as root.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.c
Duh. What about using the patch from the upstream?
https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/26
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member o
Indeed, I ran the hotfix on my desktop last night (gutsy with latest
updates) and as soon as it finished, running programs began to crash.
I wasn't able to see any error messages to dmesg, but the system was
unstable enough that I had to reboot it. I would *not* recommend
running the hotfix.
--
Tom, the present hotfix is dangerous. See http://lists.debian.org
/debian-kernel/2008/02/msg00387.html
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug con
Hi,
I was wondering how others are dealing with this, beyond the runtime patch on
bootup. It seems like a tossup between grabbing/patching kernel source and
waiting for the security update, does anyone know a rough eta on a safe gutsy
kernel package? Thanks for the help, this is new territory
Yes, a remote root exploit.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Why priority is "high" but no "critical"?
Is there a higher criticity than a root exploit in 3 seconds?
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug co
Seems to fail on this part:
if (!uid || !gid)
die("[EMAIL PROTECTED]", 0);
---
[EMAIL PROTECTED]:~$ gcc linux_vmsplice.c
[EMAIL PROTECTED]:~$ ./a.out
---
Linux vmsplice Local Root Exploit
By qaaz
---
Kees - from what I can tell CVE-2008-0009 and CVE-2008-0010 affect only
2.6.23 through 2.6.24.1. CVE-2008-0600 affects 2.6.17 through 2.6.24.1.
Greg k-h:
"It has been given CVE-2008-0600 to address this issue (09 and 10 only
affect .23 and .24 kernels, and have been fixed.)"
We'll get all 3 CVEs
confirmed in gutsy 2.6.22-14-generic
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
** Also affects: centos via
https://bugzilla.redhat.com/show_bug.cgi?id=432251
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
B
CVE-2008-0600 fixed in 2.6.22.18 [1,2]
[1] http://lkml.org/lkml/2008/2/11/27
[2]
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=af395d8632d0524be27d8774a1607e68bdb4dd7f
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs
** Changed in: linux (Fedora)
Status: Unknown => Fix Committed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
** Changed in: mandriva
Status: Unknown => Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing l
** Changed in: gentoo
Status: Unknown => Confirmed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing lis
** Changed in: debian
Status: Unknown => Fix Committed
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing
Fixes for CVE-2008-0009, CVE-2008-0010:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8811930dc74a503415b35c4a79d14fb0b408a361
Fixes for CVE-2008-0600:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804
For record, Dapper (2.6.15) is not affected.
Also, CVEs for these issues are:
CVE-2008-0009 (2.6.22+), CVE-2008-0010 (2.6.17+ -- see get_iovec_page_array
prior to 2.6.22), CVE-2008-0600 (2.6.17+).
** Changed in: linux-source-2.6.15 (Ubuntu)
Status: New => Invalid
--
Local root exploit
Hi,
This doesn't work, because it still creates a DoS condition when it
alters your memory map.
On Mon, 2008-02-11 at 07:08 +, slasher-fun wrote:
> Temporary fix :
>
> * Download http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
> * Compile it using gcc (so "gcc disable-vmspl
Just some corrections to my previous post :
Line 4 :
* Compile it using gcc (so "gcc disable-vmsplice-if-exploitable.c -o
rm_exploit" without the quotes) as normal user
Line 5 :
* Run it as normal user ("./rm_exploit" without the quotes)
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice
** Also affects: linux-source-2.6.15 (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubun
Temporary fix :
* Download http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
* Compile it using gcc (so "gcc disable-vmsplice-if-exploitable.c -o
rm_exploit") as normal user
* Run it as normal user
--> You are now protected until the next reboot of the system
--
Local root explo
2008/2/11 Fadi Kaba <[EMAIL PROTECTED]>:
> Thanks Ante,
> How did you test kernel 2.6.15 I have a machine here with kernel 2.6.16and
> might test on it
>
>
> On Feb 11, 2008 5:47 PM, Ante Karamatić <[EMAIL PROTECTED]> wrote:
>
> > Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
Thanks Ante,
How did you test kernel 2.6.15 I have a machine here with kernel 2.6.16 and
might test on it
On Feb 11, 2008 5:47 PM, Ante Karamatić <[EMAIL PROTECTED]> wrote:
> Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
> shouldn't be affected.
>
> --
> Local root exploit in
Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
shouldn't be affected.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubunt
** Bug watch added: Mandriva Linux #37678
http://qa.mandriva.com/show_bug.cgi?id=37678
** Also affects: mandriva via
http://qa.mandriva.com/show_bug.cgi?id=37678
Importance: Unknown
Status: Unknown
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.
Hi guys,
Just got a question in regards to the above theory, you have mentioned
that kernel 2.6.17-2.6.24 is affected whereas a normal user have the
ability to login as root with no password and sudo command,so my
question here is that I have two version of Kernel on two separate
machines 2.6.15-2
Luis Alcaraz (Mexico)
Confirmed on Ubuntu 7.10 2.6.22-14-generic
---
[EMAIL PROTECTED]:~$ vim exploit.c
[EMAIL PROTECTED]:~$ gcc exploit.c -o exploit
[EMAIL PROTECTED]:~$ whoami
lalcaraz
[EMAIL PROTECTED]:~$ ./exploit
---
Linux vmsplice Local Root Exploit
By qaaz
The Security Team is working on getting the fix built up. We should
have updated kernels available shortly.
** Also affects: linux-source-2.6.17 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux-source-2.6.17 (Ubuntu)
Importance: Undecided => Critical
Assignee: (u
[EMAIL PROTECTED]:~/bin$ gcc exploitsrv.c -o exploitsrv
[EMAIL PROTECTED]:~/bin$ whoami
steve
[EMAIL PROTECTED]:~/bin$ ./exploitsrv
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x2
I also confirm that suggested hotfix fixes the problem until next
reboot, of course.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
Confirmed on feisty AMD64 (i386 isn't affected, AMD64 is).
** Also affects: linux-source-2.6.20 (Ubuntu)
Importance: Undecided
Status: New
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you ar
Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of
Confirmed in Gutsy. Kernel 2.6.22-14-generic
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs
Gutsy/amd64 is affected too.
--
Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
https://bugs.launchpad.net/bugs/190587
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.co
74 matches
Mail list logo