Matthew Miller 02-10-2008 09:54 PM

heads up: CVE-2008-0600 kernel root exploit
 
This has a trivially-available local root exploit code, and is already
generating a bit of community panic. I expect we'll be seeing an update RSN.

<https://bugzilla.redhat.com/show_bug.cgi?id=432251>

--
Matthew Miller mattdm@mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel

"Baird, Josh" 02-11-2008 12:17 AM

heads up: CVE-2008-0600 kernel root exploit
 
It actually made my 2.6.18-53.1.4.el5 x86 box panic.

Josh

________________________________

From: centos-devel-bounces@centos.org on behalf of Matthew Miller
Sent: Sun 2/10/2008 5:54 PM
To: The CentOS developers mailing list.
Subject: [CentOS-devel] heads up: CVE-2008-0600 kernel root exploit




This has a trivially-available local root exploit code, and is already
generating a bit of community panic. I expect we'll be seeing an update RSN.

<https://bugzilla.redhat.com/show_bug.cgi?id=432251>

--
Matthew Miller mattdm@mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>

Jethro Carr 02-11-2008 02:18 AM

heads up: CVE-2008-0600 kernel root exploit
 
On Sun, 2008-02-10 at 19:17 -0600, Baird, Josh wrote:
> It actually made my 2.6.18-53.1.4.el5 x86 box panic.

I also had a panic on the 2 boxes I tested the exploit with.

x86 VMware guest running 2.6.18-53.1.6.el5
x86_64 server running 2.6.18-53.1.6.el5 (SMP)

--
Jethro Carr

www.jethrocarr.com
www.jethrocarr.com/index.php?cms=blog


Matthew Miller 02-11-2008 02:29 AM

heads up: CVE-2008-0600 kernel root exploit
 
On Sun, Feb 10, 2008 at 07:17:27PM -0600, Baird, Josh wrote:
> It actually made my 2.6.18-53.1.4.el5 x86 box panic.

Yeah, me too. So that's arguably less severe, but still no good.


--
Matthew Miller mattdm@mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>

"Bent Terp" 02-11-2008 03:14 AM

heads up: CVE-2008-0600 kernel root exploit
 
dzickus' testing kernel .78 seems to solve both this and .6's nfs
issues - however we're seeing about 50% stability with it: one machine
works fine, one crashed twice in 4 days.

/Bent

Charlie Brady 02-11-2008 03:28 PM

heads up: CVE-2008-0600 kernel root exploit
 
On Sun, 10 Feb 2008, Matthew Miller wrote:

> On Sun, Feb 10, 2008 at 07:17:27PM -0600, Baird, Josh wrote:
> > It actually made my 2.6.18-53.1.4.el5 x86 box panic.
>
> Yeah, me too. So that's arguably less severe, but still no good.

A tweak of the exploit will make it work on x86_64 rather than cause
kernel panic (https://bugzilla.redhat.com/show_bug.cgi?id=432251#c23).


Proposed patch is already in upstream bug tracker
(https://bugzilla.redhat.com/show_bug.cgi?id=432251#c6)


diff -urN linux-2.6.18.x86_64/fs/splice.c linux-2.6.18.x86_64-fix/fs/splice.c
--- linux-2.6.18.x86_64/fs/splice.c 2008-02-10 11:08:19.000000000 -0500
+++ linux-2.6.18.x86_64-fix/fs/splice.c 2008-02-10 11:31:06.000000000 -0500
@@ -1154,6 +1154,9 @@
if (unlikely(!base))
break;

+ if (unlikely(!access_ok(VERIFY_READ, base, len)))
+ break;
+
/*
* Get this base offset and number of pages, then map
* in the user pages.
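
Review bot: The new access_ok(VERIFY_READ, base, len) test, placed right after the !base check, leaves the loop with a bare break, and nothing in this hunk shows an error code being set on that path. Please confirm that a rejected range ends up as -EFAULT for the caller rather than a silent short result, for example by setting the error explicitly inside the new branch. A one-line comment stating that base and len are validated as a user-space range before the pages are mapped would also help, since the existing comment below only describes the mapping step.
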