[dundee] Fwd: Local Exploit all 2.6.* kernels (slashdot)

azmodie azmodie at gmail.com
Mon Feb 11 00:14:21 GMT 2008


> Linux Kernel 2.6 Local Root Exploit
> *Posted by kdawson on Sunday February 10, @03:23PM*
> *from the batten-the-hatches dept.*
>
> aquatix <http://aquariusoft.org/> writes *"This local root exploit
> (Debian <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953>,
> Ubuntu <https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587>)
> seems to work everywhere I try it, as long as it's a Linux kernel version
> 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't),
> better compile a new kernel without vmsplice."* Here is milw0rm's
> proof-of-concept code <http://www.milw0rm.com/exploits/5092>.

Works on all my boxes.

This patch was posted on the Debian bug tracker:

> a modification of the exploit that finds the address of sys_vmsplice in the
> kernel (using /proc/kallsyms) and replaces the first byte with a RET instruction
> (using mmap of /dev/kmem) is available at
>
>   http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c

This patch seems to work well, although as it's just a memory patch it won't
survive a reboot.
Another person has posted an unofficial kernel with vmsplice. If someone
will do the same for Ubuntu or other distros is unknown.

Although the best bet seems to be to recompile the kernel without vmsplice.



-- 
Umbrella Corporation :-
"They are the fear within all of that there is a company. The Corporation
controlling everything that is Umbrella.
A combination of Microsoft and the US Military. At some level there is a
board of directors who meet once a
month and decide all of our fates."
-- Jeremy Bolt - Producer - Resident Evil : Apocalypse
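
For triage across several hosts, the version range quoted in the message above (2.6.17 to 2.6.24.1) can be checked against `uname -r` style release strings. This is an added example, not part of the original message or of the Debian bug report; the function names and the sample release strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare kernel release strings with the version range quoted
# in the post (2.6.17 to 2.6.24.1). A version match is only a triage signal;
# a distro kernel inside the range may already carry a backported fix.

FIRST_QUOTED="2.6.17"     # lower bound as stated in the post
LAST_QUOTED="2.6.24.1"    # upper bound as stated in the post

# Print a numeric sort key for the leading dotted version of a release string,
# ignoring distro suffixes ("2.6.22-14-generic" -> 2000600220000).
release_key() {
    printf '%s\n' "$1" | awk '
        match($0, /^[0-9]+(\.[0-9]+)*/) {
            split(substr($0, RSTART, RLENGTH), p, ".")
            printf "%d%04d%04d%04d\n", p[1], p[2], p[3], p[4]
            found = 1
        }
        END { exit !found }'
}

# Exit status: 0 inside the quoted range, 1 outside it, 2 unparseable input.
in_quoted_range() {
    key=$(release_key "$1") || return 2
    lo=$(release_key "$FIRST_QUOTED")
    hi=$(release_key "$LAST_QUOTED")
    [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# Map the exit status of in_quoted_range to a label for reports.
classify() {
    if in_quoted_range "$1"; then
        echo "in-range"
    else
        case $? in
            1) echo "outside" ;;
            *) echo "unparsed" ;;
        esac
    fi
}

# Constructed sample release strings, followed by the running kernel.
for rel in 2.6.16.60 2.6.18-6-686 2.6.22-14-generic 2.6.24.1 2.6.24.2 \
           2.6.25-rc1 custom-build "$(uname -r)"; do
    printf '%-22s %s\n' "$rel" "$(classify "$rel")"
done
```

Hosts reported as `in-range` still need their distribution's advisory checked, since the package version, not the upstream number, decides whether the fix is present.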


