Stephan Wiesand wrote:
On Fri, 2009-08-14 at 11:59 +0100, Dr Andrew C Aitchison wrote:
On Fri, 14 Aug 2009, Urs Beyerle wrote:
I guess SL is affected like most other Linux distributions.
I'm not 100% sure, but setting vm.mmap_min_addr to a value above 0
should prevent an exploit.
# sysctl vm.mmap_min_addr=4096
The default on my SL53 machines appears to be 65536
so there may be no need to do this.
And Stephan Wiesand <[email protected]> replied:
I successfully rooted a 32bit SL5 system with SELinux enabled
and vm.mmap_min_addr=64k with the public exploit :-(
Did this machine have kernel-2.6.18-128.4.1.el5 and hence the
fix for CVE-2009-1895 which allows a user to bypass mmap_min_addr - see
Yes.
https://rhn.redhat.com/errata/RHSA-2009-1193.html ?
Though I did see that there are other ways of bypassing
vm.mmap_min_addr :-(
Yes, and they work fine :-/
Has anyone with a TAM with RedHat reported this to them yet?
I'm pretty sure someone has, I just want to verify and get a bug
tracking number.
Troy
--
__________________________________________________
Troy Dawson [email protected] (630)840-6468
Fermilab ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________
