Please see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229

A local root exploit has been discovered in the linux kernel yesterday.
Virtually all the stock kernels provided by several distributions in the
past year appear to be vulnerable.


I am still hinting for a temporary fix, but till that I guess I'll have
to disable login access to all but a handful of absolutely trusted users.


I have attached a proof-of-concept source code that can be found in the
bug reports.


Too scary!


--
Raj Kiran Grandhi

Raj Kiran Grandhi wrote:

Please see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229

A local root exploit has been discovered in the linux kernel yesterday.
Virtually all the stock kernels provided by several distributions in the
past year appear to be vulnerable.


I am still hinting for a temporary fix, but till that I guess I'll have
to disable login access to all but a handful of absolutely trusted users.


I have attached a proof-of-concept source code that can be found in the
bug reports.


Too scary!



The attached file pulled from the debian bug report page fixes the issue
till the next reboot.


--
Raj Kiran Grandhi

Raj Kiran Grandhi wrote:

Please see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229

A local root exploit has been discovered in the linux kernel yesterday.
Virtually all the stock kernels provided by several distributions in the
past year appear to be vulnerable.


I am still hinting for a temporary fix, but till that I guess I'll have
to disable login access to all but a handful of absolutely trusted users.


I have attached a proof-of-concept source code that can be found in the
bug reports.


Too scary!





On kernels I compile myself, I just applied the patch from here:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edb fb804f49cbc44

recompiled my kernel, and exploit no longer works.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Jeff D wrote:

Raj Kiran Grandhi wrote:

Please see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229

A local root exploit has been discovered in the linux kernel
yesterday. Virtually all the stock kernels provided by several
distributions in the past year appear to be vulnerable.


I am still hinting for a temporary fix, but till that I guess I'll
have to disable login access to all but a handful of absolutely
trusted users.


I have attached a proof-of-concept source code that can be found in
the bug reports.


Too scary!





On kernels I compile myself, I just applied the patch from here:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edb fb804f49cbc44



recompiled my kernel, and exploit no longer works.




I applied the patch recommended by Jeff D to Debian kernel 2.6.24.1 and
it worked. Thanks!


There is also a related patch for completeness (for kernels 2.6.23.x and
up I believe)


http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8811930dc74a503415b35c4a79d 14fb0b408a361


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On 2008-02-11 07:17:08 +0530, Raj Kiran Grandhi wrote:
> A local root exploit has been discovered in the linux kernel yesterday.
> Virtually all the stock kernels provided by several distributions in the
> past year appear to be vulnerable.

Is it specific to x86 (not x86_64) as the exploit contains x86 code,
or are other architectures also vulnerable in some other way?

--
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Hello,

Just tried on 2.6.23-1-amd64 and it works.


On Feb 11, 2008 2:07 PM, Vincent Lefevre <vincent@vinc17.org> wrote:
> On 2008-02-11 07:17:08 +0530, Raj Kiran Grandhi wrote:
> > A local root exploit has been discovered in the linux kernel yesterday.
> > Virtually all the stock kernels provided by several distributions in the
> > past year appear to be vulnerable.
>
> Is it specific to x86 (not x86_64) as the exploit contains x86 code,
> or are other architectures also vulnerable in some other way?
>
> --
> Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>



--
Aubort Jean-Baptiste
ziki: http://my.ziki.com/rorist

Hello,

Just tried on 2.6.23-1-amd64 and it works.


> On Feb 11, 2008 2:07 PM, Vincent Lefevre <vincent@vinc17.org> wrote:
> > On 2008-02-11 07:17:08 +0530, Raj Kiran Grandhi wrote:
> > > A local root exploit has been discovered in the linux kernel yesterday.
> > > Virtually all the stock kernels provided by several distributions in the
> > > past year appear to be vulnerable.
> >
> > Is it specific to x86 (not x86_64) as the exploit contains x86 code,
> > or are other architectures also vulnerable in some other way?
> >
> > --
> > Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
> > 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
> > Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> >
>
>
>
> --
> Aubort Jean-Baptiste
> ziki: http://my.ziki.com/rorist
>



--
Aubort Jean-Baptiste
ziki: http://my.ziki.com/rorist

On Mon, Feb 11, 2008 at 02:07:41PM +0100, Vincent Lefevre wrote:
> > A local root exploit has been discovered in the linux kernel yesterday.
> > Virtually all the stock kernels provided by several distributions in the
> > past year appear to be vulnerable.
>
> Is it specific to x86 (not x86_64) as the exploit contains x86 code,
> or are other architectures also vulnerable in some other way?

You can get the list of architectures for which built kernels were
uploaded here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=72;bug=464945

HTH.

Kumar
--
Kumar Appaiah,
458, Jamuna Hostel,
Indian Institute of Technology Madras,
Chennai - 600 036

On Mon, Feb 11, 2008 at 07:08:17PM +0530, Kumar Appaiah wrote:
> On Mon, Feb 11, 2008 at 02:07:41PM +0100, Vincent Lefevre wrote:
> > > A local root exploit has been discovered in the linux kernel yesterday.
> > > Virtually all the stock kernels provided by several distributions in the
> > > past year appear to be vulnerable.
> >
> > Is it specific to x86 (not x86_64) as the exploit contains x86 code,
> > or are other architectures also vulnerable in some other way?
>
> You can get the list of architectures for which built kernels were
> uploaded here:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=72;bug=464945

Er, I apologise. This was not the answer to the question asked.

Kumar
--
Kumar Appaiah,
458, Jamuna Hostel,
Indian Institute of Technology Madras,
Chennai - 600 036

Raj Kiran Grandhi wrote:

> Please see:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
> https://bugzilla.redhat.com/show_bug.cgi?id=432229
>

Scary, indeed! Thanks for informing.

I am wondering what would be a good way to keep abreast of these kind of
serious vulnerabilities. How did you come to know of this information? Is
there any mailing list that I could subscribe? or there is a better
alternative?

thanks
raju

--
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org