David wrote: > David Montminy wrote: >> I hope you are all aware of this kernel bug that can give root privilege: >> >> http://www.h-online.com/open/news/item/Hole-in-the-Linux-kernel-allows-root-access-850016.html >> >> This exploit will be fixed starting with kernels 2.6.32 and up >> >> An exploit might possibly be released today, so you might want to read >> these instructions (for Debian): >> >> http://wiki.debian.org/mmap_min_addr >> >> you can set the problamatic value to something other than 0 with: >> >> sysctl -w vm.mmap_min_addr="0" >> >> This will break the following packages (according to the debian Docs): >> -Dosemu running as user (other than root) >> -Wine with win16 binaries >> -Bitbake >> -qemu running as user (other than root) >> >> David Montminy >> _______________________________________________ >> mlug mailing list >> [email protected] >> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca >> > > Isn't this the same bug that was found in August? > > http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html > > David f. > > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
Not entirely... One is for sockets (like in include/linux/net.h) where structs of operations called proto_ops can be exploited via a null pointer, and the other is in pipe.c and the exploit, while very similar doesn't use the network stack... Or if you want the CVE numbers it's CVE-2009-2692 vs CVE-2009-3547 But since the fix is the same, I guess it doesn't really mater that much if they aren't the exact same exploit David Montminy _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
