kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Niki Denev

Subject: kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Date: Saturday, February 9, 2008 - 11:04 pm

Hi,

As the subject says the 2.6.24.1 is still vulnerable to the vmsplice
local root exploit.

[opa@test tmp]$ uname -a
Linux tester 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown
[opa@test tmp]$ ./vms

-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f56000 .. 0xb7f88000
[+] root
[root@test tmp]#
[root@test tmp]# id
uid=0(root) gid=0(root) groups=2033(opa)
[root@test tmp]# uname -a
Linux test 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown

Is there any known fix/patch for this?
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

kernel 2.6.24.1 still vulnerable to the vmsplice local roo ..., Niki Denev, (Sat Feb 9, 11:04 pm)

Re: kernel 2.6.24.1 still vulnerable to the vmsplice local ..., Willy Tarreau, (Sat Feb 9, 11:32 pm)

Re: kernel 2.6.24.1 still vulnerable to the vmsplice local ..., Niki Denev, (Sat Feb 9, 11:38 pm)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Niki Denev, (Sun Feb 10, 2:40 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Oliver Pinter, (Sun Feb 10, 5:04 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Bastian Blank, (Sun Feb 10, 5:22 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Niki Denev, (Sun Feb 10, 5:39 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Bastian Blank, (Sun Feb 10, 5:47 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Niki Denev, (Sun Feb 10, 5:54 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Oliver Pinter, (Sun Feb 10, 6:02 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmspli ..., Niki Denev, (Sun Feb 10, 6:48 am)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to t ..., Greg KH, (Sun Feb 10, 10:05 am)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to t ..., Pekka Enberg, (Sun Feb 10, 10:11 am)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to t ..., Oliver Pinter, (Sun Feb 10, 10:44 am)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to t ..., Oliver Pinter, (Sun Feb 10, 10:48 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set