Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Kernel (http://www.linux-archive.org/debian-kernel/)
-   -   Bug#597576: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301 (http://www.linux-archive.org/debian-kernel/429636-bug-597576-bug-597576-linux-image-2-6-32-5-amd64-2-6-32-23-still-vulnerable-cve-2010-3301-a.html)

dann frazier 09-20-2010 11:19 PM

Bug#597576: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
 
On Mon, Sep 20, 2010 at 06:51:16PM -0400, Jon wrote:
>
> Package: linux-2.6
> Version: 2.6.32-23
> Justification: root security hole
> Severity: critical
> Tags: security
>
>
> The changelog says the CVE-2010-3301 was fixed in this update:
> * x86-64, compat (CVE-2010-3301):
> - Retruncate rax after ia32 syscall entry tracing
> - Test %rax for the syscall number, not %eax
>
> But a test of the exploit shows otherwise:
>
> nuxi@nobel:~(0)$ ./robert_you_suck
> resolved symbol commit_creds to 0xffffffff8106914d
> resolved symbol prepare_kernel_cred to 0xffffffff81069050
> mapping at 3f80000000
> UID 1000, EUID:1000 GID:100, EGID:100
> $


How so? UID 1000 isn't root...



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100920231910.GE13672@lackof.org">http://lists.debian.org/20100920231910.GE13672@lackof.org

Michael Gilbert 09-20-2010 11:19 PM

Bug#597576: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
 
On Mon, 20 Sep 2010 18:51:16 -0400 Jon wrote:

>
> Package: linux-2.6
> Version: 2.6.32-23
> Justification: root security hole
> Severity: critical
> Tags: security
>
>
> The changelog says the CVE-2010-3301 was fixed in this update:
> * x86-64, compat (CVE-2010-3301):
> - Retruncate rax after ia32 syscall entry tracing
> - Test %rax for the syscall number, not %eax
>
> But a test of the exploit shows otherwise:
>
> nuxi@nobel:~(0)$ ./robert_you_suck
> resolved symbol commit_creds to 0xffffffff8106914d
> resolved symbol prepare_kernel_cred to 0xffffffff81069050
> mapping at 3f80000000
> UID 1000, EUID:1000 GID:100, EGID:100
> $

did you reboot?

mike



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100920191926.2516291a.michael.s.gilbert@gmail.co m">http://lists.debian.org/20100920191926.2516291a.michael.s.gilbert@gmail.co m


All times are GMT. The time now is 03:52 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.