FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 09-20-2010, 11:19 PM
dann frazier
 
Default Bug#597576: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301

On Mon, Sep 20, 2010 at 06:51:16PM -0400, Jon wrote:
>
> Package: linux-2.6
> Version: 2.6.32-23
> Justification: root security hole
> Severity: critical
> Tags: security
>
>
> The changelog says the CVE-2010-3301 was fixed in this update:
> * x86-64, compat (CVE-2010-3301):
> - Retruncate rax after ia32 syscall entry tracing
> - Test %rax for the syscall number, not %eax
>
> But a test of the exploit shows otherwise:
>
> nuxi@nobel:~(0)$ ./robert_you_suck
> resolved symbol commit_creds to 0xffffffff8106914d
> resolved symbol prepare_kernel_cred to 0xffffffff81069050
> mapping at 3f80000000
> UID 1000, EUID:1000 GID:100, EGID:100
> $


How so? UID 1000 isn't root...



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100920231910.GE13672@lackof.org">http://lists.debian.org/20100920231910.GE13672@lackof.org
 
Old 09-20-2010, 11:19 PM
Michael Gilbert
 
Default Bug#597576: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301

On Mon, 20 Sep 2010 18:51:16 -0400 Jon wrote:

>
> Package: linux-2.6
> Version: 2.6.32-23
> Justification: root security hole
> Severity: critical
> Tags: security
>
>
> The changelog says the CVE-2010-3301 was fixed in this update:
> * x86-64, compat (CVE-2010-3301):
> - Retruncate rax after ia32 syscall entry tracing
> - Test %rax for the syscall number, not %eax
>
> But a test of the exploit shows otherwise:
>
> nuxi@nobel:~(0)$ ./robert_you_suck
> resolved symbol commit_creds to 0xffffffff8106914d
> resolved symbol prepare_kernel_cred to 0xffffffff81069050
> mapping at 3f80000000
> UID 1000, EUID:1000 GID:100, EGID:100
> $

did you reboot?

mike



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100920191926.2516291a.michael.s.gilbert@gmail.co m">http://lists.debian.org/20100920191926.2516291a.michael.s.gilbert@gmail.co m
 

Thread Tools




All times are GMT. The time now is 01:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org