Re: [DSA 1494-1] Still vulnerable?

From: Jens Schüßler <jgs(at)trash.net>
Date: Tue Feb 12 2008 - 15:18:30 EST

• Florian Weimer <fw@deneb.enyo.de> wrote:
  > * Jens Schüßler:
  >
  > > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
  > > build a new linux-image. But after installing an rebooting I still was
  > > able to become root with this exploit:
  > > http://milw0rm.com/exploits/5092
  > >
  > > Can anyone reproduce this?
  >
  > Not in our tests. Are you sure you're running the new kernel? What
  > does "uname -a" say?
  $uname -a Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686 GNU/Linux

As I said, fresh compiled from the new sources-Packet

horst@algol:~$ tmp/splice_ex

---

 Linux vmsplice Local Root Exploit
 By qaaz

---

[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d92000 .. 0xb7dc4000
[+] root

root@algol:~#

??
>
> Has this machine been upgraded from sarge? Then you need to edit
> /etc/kernel-img.conf to adjust the path to update-grub (or just use
> "update-grub" without path).

update-grub runs normal, this postinstall line is there for long time.

Greets
Jens Received on Tue Feb 12 15:37:04 2008