Comments on: Critical Linux kernel vmsplice security issues

By: EpildtautLiat

EpildtautLiat — Mon, 05 May 2008 19:33:04 +0000

“How many people work here?”
“Oh, about half.”

—————————————————————————————————-
http://ebloggy.com/nolanphillipszc

By: DamionKutaeff

DamionKutaeff — Sun, 23 Mar 2008 07:27:13 +0000

Hello everybody, my name is Damion, and I’m glad to join your conmunity,
and wish to assit as far as possible.

By: Kerin Millar

Kerin Millar — Wed, 13 Feb 2008 20:50:54 +0000

> # KingTaco Says:
> February 11th, 2008 at 6:54 am
>
> For the record, grsec/pax seems to be immune from this bug on a wide array of tested machines.

As far as I’m aware the attack only fails to achieve its intended goal if PAX_MEMORY_UDEREF is enabled (which is not supported on x86_64 arch). Even then, the PaX author has warned that stack corruption can occur leading to strange behaviour or crashes later. So let us not be lulled into a false sense of security. Hardened kernel users should upgrade to 2.6.23-r7 which contains the appropriate fixes.

By: Divide and Conquer » Blog Archive » The vmsplice local root exploit

Divide and Conquer » Blog Archive » The vmsplice local root exploit — Tue, 12 Feb 2008 21:17:27 +0000

[...] are some Critical Linux kernel vmsplice security issues that hopefully have been patched properly. Fortunately the kernel on this server is too old to be [...]

By: devBLOG! » Analysis of the two recent Linux 2.6 local exploits (vmsplice)

devBLOG! » Analysis of the two recent Linux 2.6 local exploits (vmsplice) — Mon, 11 Feb 2008 20:59:04 +0000

[...] started writting a summary of the two recent Linux 2.6 locals but then found Daniel Drake weblog - he’s done an excellent job of pulling all the relevant bits [...]

By: Local Root Exploit | USmith Blog

Local Root Exploit | USmith Blog — Mon, 11 Feb 2008 19:24:52 +0000

[...] den anderen Hosts sah es aber leider nicht so gut aus. Daniel Drake und Tobi hatten es ja die Lücke schon gut beschrieben. Der Exploit ist, wenn man einen lokalen [...]

By: Daniel Drake

Daniel Drake — Mon, 11 Feb 2008 17:30:12 +0000

That’s not a configuration option. And, I haven’t tried myself, but I’ve seen a few reports that that runtime hack can also cause the kernel to crash (not surprising given that the exploit does the same sometimes)

By: Pawel

Pawel — Mon, 11 Feb 2008 16:31:41 +0000

“there is no configuration option to exclude vmsplice”

Really?

$ ./disable-vmsplice-if-exploitable
PAGE_SIZE: 4096
———————————–
Linux vmsplice Local Root Exploit
By qaaz
———————————–
[+] mmap: 0×0 .. 0×1000
[+] page: 0×0
[+] page: 0×20
[+] mmap: 0×4000 .. 0×5000
[+] page: 0×4000
[+] page: 0×4020
[+] mmap: 0×1000 .. 0×2000
[+] page: 0×1000
[+] mmap: 0xb7db6000 .. 0xb7de8000
[-] vmsplice: Function not implemented

$ uname -a
Linux xxxx 2.6.24-gentoo #8 SMP PREEMPT Fri Feb 8 15:34:20 CET 2008 i686 Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz GenuineIntel GNU/Linux

By: grml development blog

grml development blog — Mon, 11 Feb 2008 12:25:45 +0000

kernel 2.6.23-grml addressing CVE-2008-0009/10 available…

Kernel 2.6.23-grml.06 is available in the grml repository. It includes latest stable patch 2.6.23.16 which addresses the well known root exploits from CVE-2008-0009/10 (see bugzilla #9924 and debian BTS #464953 and dsd’s detailed explanation for furth…

By: vivo

vivo — Mon, 11 Feb 2008 10:05:51 +0000

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.2 should fix CVE-2008-0600.