[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2021-10-15 Thread Bug Watch Updater
Launchpad has imported 9 comments from the remote bug at
https://bugzilla.kernel.org/show_bug.cgi?id=9924.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2008-02-09T15:00:59+00:00 slava wrote:

Latest working kernel version: 
Earliest failing kernel version: 2.6.17
Distribution: Gentoo
Hardware Environment:
Software Environment:
Problem Description:
Two root exploits have been reported:
http://milw0rm.com/exploits/5093
http://milw0rm.com/exploits/5092

Both exploits cause kernel Oops or (randomly) give root privileges to
the user.

Here is the same bug reported in gentoo bugzilla:
http://bugs.gentoo.org/show_bug.cgi?id=209460

Steps to reproduce:
Compile and run the exploit.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/0


On 2008-02-09T16:30:03+00:00 dsd wrote:

Assuming this is about CVE-2008-0009/10, this is fixed with "[PATCH]
splice: missing user pointer access verification" which is included in
2.6.24.1 and 2.6.23.15. If someone can confirm my assumption, please
close this bug.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/1


On 2008-02-09T22:01:27+00:00 tm wrote:

It's not properly fixed in 2.6.24.1. E.g. see
http://bugs.gentoo.org/show_bug.cgi?id=209460

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/2


On 2008-02-10T03:19:49+00:00 dsd wrote:

http://bugzilla.kernel.org/show_bug.cgi?id=9924

> It's not properly fixed in 2.6.24.1. E.g. see
> http://bugs.gentoo.org/show_bug.cgi?id=209460

Indeed, I can confirm this.

2.6.24.1 fixes this exploit:
http://milw0rm.com/exploits/5093
(labelled "Diane Lane ...")

but does not fix this one, which still gives me root access on 2.6.24.1:
http://milw0rm.com/exploits/5092
("jessica_biel_naked_in_my_bed.c")

alternative link to the still-working exploit:
http://bugs.gentoo.org/attachment.cgi?id=143059=view

Daniel

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/4


On 2008-02-10T03:31:36+00:00 rpilar wrote:

This is NOT fixed in 2.6.24.1: 
http://www.securityfocus.com/data/vulnerabilities/exploits/27704.c
But this probably is: 
http://www.securityfocus.com/data/vulnerabilities/exploits/27704-2.c (at least 
I can't reproduce it).

Linux Rimmer 2.6.24.1 #4 SMP PREEMPT Sat Feb 9 16:50:17 CET 2008 i686
GNU/Linux

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/5


On 2008-02-10T03:31:37+00:00 dsd wrote:

I have personally tested both exploits under a recent 2.6.22 release, 
latest 2.6.23 and latest 2.6.24. Results:

http://milw0rm.com/exploits/5093 ("diane_lane")
This was a bug added in 2.6.23, still present in 2.6.24, but fixed by 
the most recent -stable releases for both branches:
- Not exploitable in 2.6.22.10
- Not exploitable in 2.6.23.15
- Not exploitable in 2.6.24.1
so this one is done and dusted...


http://milw0rm.com/exploits/5092 ("jessica_biel")
alt link: http://bugs.gentoo.org/attachment.cgi?id=143059=view
This is still exploitable in the latest kernel releases and the exploit 
source suggests it has been present since 2.6.17
- Exploitable in 2.6.22.10
- Exploitable in 2.6.23.15
- Exploitable in 2.6.24.1

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/6


On 2008-02-10T04:08:25+00:00 anonymous wrote:

Reply-To: a...@redhat.com

On Sun, Feb 10, 2008 at 11:28:51AM +, Daniel Drake wrote:
> I have personally tested both exploits under a recent 2.6.22 release, 
> latest 2.6.23 and latest 2.6.24. Results:

There's a fix/explanation proposed for the other one on linux-kernel

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/7


On 2008-02-10T15:32:01+00:00 dsd wrote:

fixed in Linus' tree as 712a30e63c8066ed84385b12edbfb804f49cbc44

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/19


On 2021-10-15T17:59:43+00:00 ucelsanicin wrote:

Possibly similar to 23220 however on 64-bit recent Debian sid with
trivial code I see : https://www.webb-dev.co.uk/category/crypto/

mimas$ 

[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2019-06-11 Thread Bug Watch Updater
Launchpad has imported 35 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=432251.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2008-02-10T13:37:47+00:00 mjc wrote:

A new system call named vmsplice() was introduced in the 2.6.17
release of the Linux kernel. 

COSEINC reported two issues affecting vmsplice, CVE-2008-0009 and
CVE-2008-0010.

On Saturday 20080210 a public exploit was released that utilised a similar flaw
in vmsplice (vmsplice_to_pipe function) to allow a local user to gain privileges
on some architectures.  

See also
http://marc.info/?t=12026365533=1=2

This issue will affect kernels 2.6.17+ and therefore affected Red Hat Enterprise
Linux 5, but not Red Hat Enterprise Linux 4, 3, or 2.1.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/8


On 2008-02-10T16:39:00+00:00 mjc wrote:

Note that there may be a little confusion as there are actually three vmsplice
issues:

CVE-2008-0009 is already fixed upstream, does not affect any RHEL, has no
public exploit.  Upstream patch is the second hunk of:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8811930dc74a503415b35c4a79d14fb0b408a361

CVE-2008-0010 is already fixed upstream, does not affect any RHEL, but has
a public exploit. ( http://www.milw0rm.com/exploits/5093 )
Upstream patch is the first hunk of:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8811930dc74a503415b35c4a79d14fb0b408a361

CVE-2008-0600 is not yet fixed upstream, affects RHEL5,
and has a public exploit ( http://www.milw0rm.com/exploits/5092 )


Reply at: 
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587/comments/12


On 2008-02-10T18:11:58+00:00 mjc wrote:

Proposed patch for RHEL5 from Al Viro

diff -urN linux-2.6.18.x86_64/fs/splice.c linux-2.6.18.x86_64-fix/fs/splice.c
--- linux-2.6.18.x86_64/fs/splice.c 2008-02-10 11:08:19.0 -0500
+++ linux-2.6.18.x86_64-fix/fs/splice.c 2008-02-10 11:31:06.0 -0500
@@ -1154,6 +1154,9 @@
if (unlikely(!base))
break;
 
+   if (unlikely(!access_ok(VERIFY_READ, base, len)))
+   break;
+
/*
 * Get this base offset and number of pages, then map
 * in the user pages.
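Review bot: the new access_ok() branch exits with a bare break, so the value returned for a rejected pointer depends on whatever return code was set before the !base test, which these lines do not show. Setting the return code to -EFAULT inside the new branch would make the failure explicit and keep it correct if the earlier code is ever reordered. The check also has to stay ahead of the "map in the user pages" step that follows it, so a one-line comment noting that base and len are user-controlled values would help the next reader.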




Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/14


On 2008-02-10T20:42:39+00:00 mjc wrote:

Confirmed the patch blocks this issue for Red Hat Enterprise Linux 5; this
specific exploit prints "[-] vmsplice: Bad address" and fails.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/20


On 2008-02-10T21:17:01+00:00 mjc wrote:

Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44


Reply at: 
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587/comments/22


On 2008-02-10T22:05:50+00:00 mjc wrote:

For Red Hat Enterprise Linux 5:
CVSS v2 Base score: 7.2 (High) (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/24


On 2008-02-10T23:16:13+00:00 redhat wrote:

We added a quick and dirty patch for the problem here:
http://home.powertech.no/oystein/ptpatch2008/

It is a kernel module that disables vmsplice, and logs any attempts to exploit
the bug.
As it is a loadable module it can easily be deployed on systems that can not be
updated with a new kernel for various reasons.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/29


On 2008-02-10T23:38:28+00:00 seva wrote:

Ola,

I tried that module on a test system and got:
   kernel: general protection fault:  [1] SMP 

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/31


On 2008-02-11T03:29:52+00:00 ryan wrote:

The make file required some modification for PAE kernels due to path issues;
once compiled module fails to load with:
insmod: error inserting 'ptpatch2008.ko': -1 

[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2017-10-27 Thread Bug Watch Updater
** Changed in: centos
   Importance: Unknown => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/190587

Title:
  Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/190587/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2017-10-26 Thread Bug Watch Updater
Launchpad has imported 29 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=432229.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2008-02-10T06:08:43+00:00 Philip wrote:

Description of problem:

Local user can obtain root access (as described below).

This bug is being actively exploited in the wild -- our server was just broken
into by an attacker using it. (They got a user's password by previously
compromising a machine somewhere else where that user had an account, and
installed a modified ssh binary on it to record user names and passwords. Then
they logged in to our site as that user, exploited CVE-2008-0010, and became 
root).

It is EXTREMELY urgent that a fixed kernel be provided ASAP given that this bug
is being actively exploited in the wild.

There is a fix listed upstream in 2.6.23.15 and 2.6.24.1. However, even after
applying that patch and recompiling the kernel, the escalation-of-privilege
exploit still worked so I am wondering if 2.6.23.15 does not completely fix it.

Version-Release number of selected component (if applicable):

All 2.6.23.x kernels

How reproducible: 100%

Steps to Reproduce:
1. Download http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
2. cc -o exploit 27704.c
3. [as non-privileged user] ./exploit
  
Actual results:

Root shell

Expected results:

No root shell.

Additional info:

When I altered the kernel spec file for 2.6.23.14-115.fc8 to pull 2.6.23.15
instead of 2.6.23.14 (and altered linux-2.6-highres-timers.patch to apply
cleanly, and removed the already-included-in-2.6.23.15 patches
linux-2.6-net-silence-noisy-printks.patch and
linux-2.6-freezer-fix-apm-emulation-breakage.patch), rebuilt a new kernel RPM,
installed it, and rebooted, the above exploit still worked. So it is possible an
additional patch is needed against 2.6.23, unless I just goofed somehow in my
kernel rebuild. (I did check and the file fs/splice.c was correctly patched and
included the lines that were supposed to fix this problem...)

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/1


On 2008-02-10T06:47:58+00:00 Bojan wrote:

I see 2.6.23.15 has been built in Koji. When is this going to get pushed into
stable updates?

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/2


On 2008-02-10T12:10:53+00:00 Pavel wrote:

*** Bug 432244 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/5


On 2008-02-10T14:14:23+00:00 Pavel wrote:

Relevant information about patch: http://lkml.org/lkml/2008/2/10/118

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/8


On 2008-02-10T14:19:44+00:00 Pavel wrote:

Relevant discussion at gmane.linux.kernel mailing list:
http://thread.gmane.org/gmane.linux.kernel/637339

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/9


On 2008-02-10T15:21:14+00:00 Jon wrote:

Bringing in RH Security Response team.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux-
source-2.6.22/+bug/190587/comments/10


On 2008-02-10T19:38:37+00:00 Philip wrote:

I can confirm that applying the patch at the bottom of
http://lkml.org/lkml/2008/2/10/118 (thanks, Pavel!), as well as applying the
patch in 2.6.23.15/2.6.24.1, does indeed prevent the published exploit from
working on our system.

Whether or not it closes all attack vectors, it is probably worth pushing out at
least as an interim update since it prevents the published exploit from working
and that published exploit is being actively exploited in the wild.

Note that I believe a new CVE identifier has been assigned for the vulnerability
that 2.6.23.15/2.6.24.1 does not fix: CVE-2008-0600

Also note that, unlike CVE-2008-0009/0010, this is not specific to the
2.6.23/2.6.24 kernels. Older kernels are vulnerable too (including, for
example, 2.6.18-53.1.4.el5 -- on that kernel, it is necessary to add
#define PAGE_SIZE getpagesize() to the published exploit, but with that addition
it works to get an instant root shell.)

I am *extremely* thankful this is only a local escalation-of-privilege and not a
remote root. It's bad enough as it is given what seems 

[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2011-02-14 Thread Bug Watch Updater
** Changed in: mandriva
   Importance: Unknown => Critical



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2011-02-03 Thread Bug Watch Updater
** Changed in: linux
   Importance: Unknown => High



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2009-12-28 Thread Anderson
No, I don't want to join at LinkedIn!



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2009-01-24 Thread Jamie Strandboge
Per Gentoo, it's now fixed in all releases.


** Changed in: gentoo
   Importance: Unknown => Undecided
     Bugwatch: Gentoo Bugzilla #209460 => None
   Status: Confirmed => New

** Changed in: gentoo
   Status: New => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-04-04 Thread Jamie Strandboge
** Changed in: gplcver (Ubuntu)
   Status: New => Invalid



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-04-04 Thread Adam Buchbinder
** Also affects: linux via
   http://bugzilla.kernel.org/show_bug.cgi?id=9924
   Importance: Unknown
   Status: Unknown



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-04-04 Thread Bug Watch Updater
** Changed in: linux
   Status: Unknown => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-03-11 Thread Cyrus Jones
** Tags added: metabug



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-27 Thread Timo Aaltonen
** Changed in: ubuntu
Sourcepackagename: linux-source-2.6.24 => None
   Status: New => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-15 Thread Jamie Strandboge
linux (2.6.24-8.13) hardy; urgency=low

  [Soren Hansen]

  * Add missing iscsi modules to kernel udebs

  [Stefan Bader]

  * Lower message level for PCI memory and I/O allocation.

  [Tim Gardner]

  * Enabled IP_ADVANCED_ROUTER and IP_MULTIPLE_TABLES in sparc, hppa
- LP: #189560
  * Compile RealTek 8139 using PIO method.
- LP: #90271
  * Add WD WD800ADFS NCQ horkage quirk support.
- LP: #147858

  [Upstream Kernel Changes]

  * Introduce WEXT scan capabilities
  * DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
  * slab: fix bootstrap on memoryless node
  * vm audit: add VM_DONTEXPAND to mmap for drivers that need it
(CVE-2008-0007)
  * USB: keyspan: Fix oops
  * usb gadget: fix fsl_usb2_udc potential OOPS
  * USB: CP2101 New Device IDs
  * USB: add support for 4348:5523 WinChipHead USB-RS 232 adapter
  * USB: Sierra - Add support for Aircard 881U
  * USB: Adding YC Cable USB Serial device to pl2303
  * USB: sierra driver - add devices
  * USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC
  * USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD
  * USB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver
for Sierra Wireless
  * USB: remove duplicate entry in Option driver and Pl2303 driver for
Huawei modem
  * USB: pl2303: add support for RATOC REX-USB60F
  * USB: ftdi driver - add support for optical probe device
  * USB: use GFP_NOIO in reset path
  * USB: Variant of the Dell Wireless 5520 driver
  * USB: storage: Add unusual_dev for HP r707
  * USB: fix usbtest halt check on big endian systems
  * USB: handle idVendor of 0x
  * forcedeth: mac address mcp77/79
  * lockdep: annotate epoll
  * sys_remap_file_pages: fix ->vm_file accounting
  * PCI: Fix fakephp deadlock
  * ACPI: update ACPI blacklist
  * x86: restore correct module name for apm
  * sky2: restore multicast addresses after recovery
  * sky2: fix for WOL on some devices
  * b43: Fix suspend/resume
  * b43: Drop packets we are not able to encrypt
  * b43: Fix dma-slot resource leakage
  * b43legacy: fix PIO crash
  * b43legacy: fix suspend/resume
  * b43legacy: drop packets we are not able to encrypt
  * b43legacy: fix DMA slot resource leakage
  * selinux: fix labeling of /proc/net inodes
  * b43: Reject new firmware early
  * sched: let +nice tasks have smaller impact
  * sched: fix high wake up latencies with FAIR_USER_SCHED
  * fix writev regression: pan hanging unkillable and un-straceable
  * Driver core: Revert Fix Firmware class name collision
  * drm: the drm really should call pci_set_master..
  * splice: missing user pointer access verification (CVE-2008-0009/10)
  * Linux 2.6.24.1
  * splice: fix user pointer access in get_iovec_page_array()
  * Linux 2.6.24.2

 -- Tim Gardner  [EMAIL PROTECTED]   Thu, 07 Feb 2008 06:50:13
-0700

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0007

** Changed in: linux (Ubuntu)
   Status: Fix Committed => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-14 Thread laviero
** Also affects: gplcver (Ubuntu)
   Importance: Undecided
   Status: New



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-13 Thread Kyle M Weller
Running Hardy Heron, Latest updates:
[EMAIL PROTECTED]:~$ uname -a
Linux ubuntu 2.6.24-7-generic #1 SMP Thu Feb 7 01:29:58 UTC 2008 i686 GNU/Linux
[EMAIL PROTECTED]:~$ whoami
kyle
[EMAIL PROTECTED]:~$ ./local
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] addr: 0xc011d7e0
[+] root
[EMAIL PROTECTED]:~# whoami
root
[EMAIL PROTECTED]:~# 


** Also affects: linux-source-2.6.24 (Ubuntu)
   Importance: Undecided
   Status: New



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-13 Thread Bug Watch Updater
** Changed in: debian
   Status: Fix Committed => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-13 Thread Bug Watch Updater
** Changed in: mandriva
   Status: In Progress => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-13 Thread Bug Watch Updater
** Changed in: centos
   Status: Confirmed => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Ali AbdalAziz
I also confirm this in Hardy.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread ®om
When will the fix be upgraded in repositories (gutsy)?



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Martin Jürgens
Fedora and Debian do not support as many releases as Ubuntu and thus the
time consumption to package and test if any regressions appear is longer
than for others.

But honestly, the time frame from the patches being published to having
security updates in Ubuntu was ~ 48 hours, which is good in my opinion.
Just compare it to once a month (granted that for such critical bugs MS
would probably do an exception)



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Chris Coulson
I think that the number of supported releases should stay fairly static
as support for older releases is dropped. For example, Edgy is only
supported on the desktop until April, when Hardy is released.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Kyle Lee
It seems to me that as the number of Ubuntu's supported releases
continues to grow, it's going to get harder for the development team to
verify bugs and get fixes out for all the supported versions. Aside from
reporting bugs and exploits, how can users with programming experience
assist with this?



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Michael
My compliments for the fast response for this exploit. I have just one question 
left about this exploit: I have just executed the proof-of-concept code 
(http://www.milw0rm.com/exploits/5092) again with the updated kernel. Is there 
no memory corruption at all with this new kernel version?
Or should I reboot my pc after running the proof-of-concept just for sure?
Thanks.



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Michael B. Trausch
On Tue, 2008-02-12 at 19:11 +, Adna rim wrote:
> Means that there is an all or nothing policy? So even if the
> i386-patch would have been created and tested it hadn't been released
> before the patches for generic- and 64bit-kernels had been created and
> released?

IIRC, the kernels are all put into a build queue at the same time.
There is testing before it's sent off to be built by the machines that
build for the repository.  This would not be unlike the way PPA works.

--- Mike

-- 
Michael B. Trausch   [EMAIL PROTECTED]
home: 404-592-5746, 1 www.trausch.us
cell: 678-522-7934   im: [EMAIL PROTECTED], jabber
Ubuntu Unofficial Backports Project:http://backports.trausch.us/



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Michael B. Trausch
On Tue, 2008-02-12 at 18:50 +, Martin Jürgens wrote:
> But honestly, the time frame from the patches being published to
> having security updates in Ubuntu was ~ 48 hours, which is good in my
> opinion. Just compare it to once a month (granted that for such
> critical bugs MS would probably do an exception)

Eh, not necessarily.  Microsoft took 18 months to fix a critical remote
code execution exploit in their TCP/IP stack:

http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx

Ubuntu has done most excellently in getting this patched as soon as it
did.  Microsoft likes to sling mud at projects like Ubuntu for the
number of open bugs that there are on the public bug trackers, but there
is no point to it---it's pure FUD.  We can't see what bugs they have in
their internal trackers, and there are probably more of them (and far
worse) than we have in ours.  What we can see is that they take a long
time to close critical security flaws in their operating system, and
that is one of the many reasons there are to use Ubuntu.  Let's not
forget that.  48 hours?  That's hardly nothing.  Even 96 is nothing.

--- Mike

-- 
Michael B. Trausch   [EMAIL PROTECTED]
home: 404-592-5746, 1 www.trausch.us
cell: 678-522-7934   im: [EMAIL PROTECTED], jabber
Ubuntu Unofficial Backports Project:http://backports.trausch.us/


[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Adna rim
Thanks for the answer. Of course you are right, that 48h isn't that long
for a just local exploit. And of course any comparison with MS is surely
won by Ubuntu :) I was just wondering why Debian's updated kernel was
released so many hours before Ubuntu's. The places to patch the
kernel-source should be exactly the same in both.

> thus the time consumption to package and test if
> any regressions appear is longer than for others.
Means that there is an all or nothing policy? So even if the i386-patch would 
have been created and tested it hadn't been released before the patches for 
generic- and 64bit-kernels had been created and released?

greets



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Adna rim
Thanks for the people who helped with fixing this bug! But I have a
question: why had Fedora and Debian already released an updated kernel
yesterday to fix this problem and why Ubuntu just now with many hours
delay to the other great distributions? Did you have any problem applying
the debian-patch to the Ubuntu kernel?

greets





[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Jamie Strandboge
http://www.ubuntu.com/usn/usn-577-1

** Changed in: linux-source-2.6.17 (Ubuntu)
 Assignee: Kees Cook (keescook) => Jamie Strandboge (jamie-strandboge)
   Status: Fix Committed => Fix Released

** Changed in: linux-source-2.6.20 (Ubuntu)
 Assignee: Kees Cook (keescook) => Jamie Strandboge (jamie-strandboge)
   Status: Fix Committed => Fix Released

** Changed in: linux-source-2.6.22 (Ubuntu)
 Assignee: Kees Cook (keescook) => Jamie Strandboge (jamie-strandboge)



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-source-2.6.22 - 2.6.22-14.52

---
linux-source-2.6.22 (2.6.22-14.52) gutsy-security; urgency=low

  [Tim Gardner]

  * splice: fix user pointer access in get_iovec_page_array()
    (CVE-2008-0600)
    - LP: #190587

 -- Tim Gardner [EMAIL PROTECTED]   Mon, 11 Feb 2008 10:01:17 -0700

** Changed in: linux-source-2.6.22 (Ubuntu)
   Status: Fix Committed => Fix Released



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread ismail
The exploit does not seem to work on feisty:
$ gcc vmsplice.c -o vmsp
$ ./vmsp
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e2 .. 0xb7e52000
Segmentation fault (core dumped)

But the exploit works on Gutsy and the fix in
http://home.powertech.no/oystein/ptpatch2008/ptpatch2008.c seems to
work:

Remember that the Makefile 
(http://home.powertech.no/oystein/ptpatch2008/Makefile) has to be downloaded 
also. After you run make all, there will be a kernel module called 
ptpatch2008.ko in the same directory. Insert the module into the kernel:
#insmod ptpatch2008.ko

This will prevent the privilege escalation as long as the machine is not
rebooted. You can also insert the module at startup in the event the
machine is rebooted. This has worked for me so far, until we get an
official fix in the repository.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Bug Watch Updater
** Changed in: mandriva
   Status: Confirmed => In Progress



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-12 Thread Bug Watch Updater
** Changed in: linux (Fedora)
   Status: Fix Committed => Fix Released

** Changed in: centos
   Status: Unknown => Confirmed



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread yaztromo
Tom, the present hotfix is dangerous. See
http://lists.debian.org/debian-kernel/2008/02/msg00387.html



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Michael Trunner
@Boglizk: Not run it as root.



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Ken Simon
Indeed, I ran the hotfix on my desktop last night (gutsy with latest
updates) and as soon as it finished, running programs began to crash.
I wasn't able to see any error messages to dmesg, but the system was
unstable enough that I had to reboot it.  I would *not* recommend
running the hotfix.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Tom Lippincott
Hi,
I was wondering how others are dealing with this, beyond the runtime patch on 
bootup.  It seems like a tossup between grabbing/patching kernel source and 
waiting for the security update, does anyone know a rough eta on a safe gutsy 
kernel package?  Thanks for the help, this is new territory for me.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Jan M.
Yes, a remote root exploit.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Tim Gardner
Kees - from what I can tell CVE-2008-0009 and CVE-2008-0010 affect only
2.6.23 through 2.6.24.1. CVE-2008-0600 affects 2.6.17 through 2.6.24.1.

Greg k-h:
It has been given CVE-2008-0600 to address this issue (09 and 10 only
affect .23 and .24 kernels, and have been fixed.)

We'll get all 3 CVEs fixed in the 2.6.24.2 stable tree, upon which Hardy
2.6.24-7.13 will be based.

I am packaging fixes for Edgy/Feisty/Gutsy.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Jan M.
Duh. What about using the patch from the upstream?
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587/comments/26



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Yuri
Contrary to what I've been reading, I can confirm this on feisty, at
least with AMD processor:

[EMAIL PROTECTED]:~$ grep model name /proc/cpuinfo
model name  : Dual-Core AMD Opteron(tm) Processor 2218
model name  : Dual-Core AMD Opteron(tm) Processor 2218
model name  : Dual-Core AMD Opteron(tm) Processor 2218
model name  : Dual-Core AMD Opteron(tm) Processor 2218
[EMAIL PROTECTED]:~$ uname -a
Linux pie 2.6.20-16-generic #2 SMP Thu Jan 31 22:39:18 UTC 2008 x86_64 GNU/Linux
[EMAIL PROTECTED]:~$ ./exploit 
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x1000 .. 0x10001000
[+] page: 0x1000
[+] page: 0x1038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2ac0a9f0d000 .. 0x2ac0a9f3f000
[+] root
[EMAIL PROTECTED]:~# whoami
root
[EMAIL PROTECTED]:~# 

I also confirm the suggested hotfix (disable-vmsplice-if-exploitable.c)
works:

[EMAIL PROTECTED]:~$ cc disable-vmsplice-if-exploitable.c 
[EMAIL PROTECTED]:~$ ./a.out 
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x1000 .. 0x10001000
[+] page: 0x1000
[+] page: 0x1038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2acad5163000 .. 0x2acad5195000
[+] root
Exploit gone!
[EMAIL PROTECTED]:~$ ./exploit 
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x1000 .. 0x10001000
[+] page: 0x1000
[+] page: 0x1038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2b010025b000 .. 0x2b010028d000
[-] vmsplice
[EMAIL PROTECTED]:~$ whoami
ycsapo



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Mark Dehus
What about Gutsy, any update when the fix will be released?



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Tim Gardner
The fix for this vulnerability is in the 2.6.24.2 tree against which
Hardy was recently updated and is in the process of being packaged for
upload.

** Changed in: linux-source-2.6.17 (Ubuntu)
   Status: In Progress => Fix Committed

** Changed in: linux-source-2.6.20 (Ubuntu)
   Status: In Progress => Fix Committed

** Changed in: linux-source-2.6.22 (Ubuntu)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Committed



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread nabil2199
confirmed in gutsy 2.6.22-14-generic



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Jakob Unterwurzacher
** Also affects: centos via
   https://bugzilla.redhat.com/show_bug.cgi?id=432251
   Importance: Unknown
   Status: Unknown



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Bug Watch Updater
** Changed in: linux (Fedora)
   Status: Unknown => Fix Committed



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Bug Watch Updater
** Changed in: mandriva
   Status: Unknown => Confirmed



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Bug Watch Updater
** Changed in: gentoo
   Status: Unknown => Confirmed



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread ®om
Why is the priority high but not critical?
Is there a higher criticality than a root exploit in 3 seconds?



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread tonfa
On Tue, Feb 12, 2008 at 03:18:36AM -, Yuri wrote:
> Contrary to what I've been reading, I can confirm this on feisty, at
> least with AMD processor:

of course feisty is exploitable it works for 2.6.17-2.6.24.1 (and see
the summary of the bug, 2.6.20 is mentioned).

-- 
:wq



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Boglizk
Seems to fail on this part:

if (!uid || !gid)
die([EMAIL PROTECTED], 0);

---

[EMAIL PROTECTED]:~$ gcc linux_vmsplice.c 
[EMAIL PROTECTED]:~$ ./a.out 
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[-] [EMAIL PROTECTED]
[EMAIL PROTECTED]:~$ uname -a
Linux thebox 2.6.22-14-generic #1 SMP Fri Feb 1 04:59:50 UTC 2008 i686 GNU/Linux



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Bug Watch Updater
** Changed in: debian
   Status: Unknown => Fix Committed



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Kees Cook
Fixes for CVE-2008-0009, CVE-2008-0010:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8811930dc74a503415b35c4a79d14fb0b408a361

Fixes for CVE-2008-0600:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-11 Thread Jan M.
CVE-2008-0600 fixed in 2.6.22.18 [1,2]

[1] http://lkml.org/lkml/2008/2/11/27
[2] http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=af395d8632d0524be27d8774a1607e68bdb4dd7f

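A version check built only from numbers quoted in this thread: CVE-2008-0600 affects 2.6.17 through 2.6.24.1, is fixed upstream in 2.6.22.18 and 2.6.24.2, and in Ubuntu's linux-source-2.6.22 upload 2.6.22-14.52. This is an added example, not code from any poster; the function names and sample inputs are constructed, and stable releases the thread does not name are conservatively reported as affected.

```shell
#!/bin/sh
# Added example (not from the thread): classify kernels for CVE-2008-0600
# using only the version numbers quoted in this bug's comments.

# ver_le A B: succeed when dotted version A <= B (missing components = 0).
ver_le() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 0
}

# upstream_of RELEASE: "2.6.22-14-generic" -> "2.6.22".
# Fails (printing nothing) when the result is not a dotted number.
upstream_of() {
    u=${1%%-*}
    case $u in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s\n' "$u"
}

# cve_2008_0600_upstream RELEASE -> not-affected | affected | fixed | unknown
# Looks at the upstream version only; distro backports are invisible here.
cve_2008_0600_upstream() {
    v=$(upstream_of "$1") || { echo unknown; return 0; }
    # Below 2.6.17: outside the affected range given in the thread.
    if ! ver_le 2.6.17 "$v"; then echo not-affected; return 0; fi
    # 2.6.24.2 and later carry the fix.
    if ver_le 2.6.24.2 "$v"; then echo fixed; return 0; fi
    # The 2.6.22.y stable series carries it from 2.6.22.18.
    if ver_le 2.6.22.18 "$v" && ! ver_le 2.6.23 "$v"; then
        echo fixed
        return 0
    fi
    # Everything else in 2.6.17 .. 2.6.24.1, including stable releases the
    # thread does not mention, is treated as affected (conservative).
    echo affected
}

# gutsy_package_fixed PKGVER: succeed when an Ubuntu linux-source-2.6.22
# package version is at or past 2.6.22-14.52 (the upload named in the thread).
# Returns 2 for strings that are not 2.6.22-<abi>.<upload>.
gutsy_package_fixed() {
    case $1 in
        2.6.22-*) rev=${1#2.6.22-} ;;
        *) return 2 ;;
    esac
    case $rev in
        ''|*[!0-9.]*) return 2 ;;
    esac
    ver_le 14.52 "$rev"
}

# assess RELEASE [PKGVER]: upstream verdict, raised to "fixed" only when the
# release is a 2.6.22 kernel and the supplied package version has the fix.
assess() {
    verdict=$(cve_2008_0600_upstream "$1")
    if [ "$verdict" = affected ] && [ -n "${2:-}" ] \
        && [ "$(upstream_of "$1")" = 2.6.22 ] && gutsy_package_fixed "$2"; then
        verdict=fixed
    fi
    printf '%s\n' "$verdict"
}

# Constructed samples: `uname -r` style strings like those in the thread,
# with package versions on either side of the fixed gutsy upload.
while read -r rel pkg; do
    printf '%-20s %-14s %s\n' "$rel" "${pkg:--}" "$(assess "$rel" "$pkg")"
done <<'EOF'
2.6.15-26-generic
2.6.20-16-generic
2.6.22-14-generic 2.6.22-14.51
2.6.22-14-generic 2.6.22-14.52
2.6.22.18
2.6.24.2
EOF
```

On gutsy, `uname -r` prints 2.6.22-14-generic both before and after the security upload, so only the package version separates a patched kernel from an unpatched one.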


[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Ante Karamatić
Upstream fix:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread sancheztavo
Confirmed in Gutsy. Kernel 2.6.22-14-generic



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Ante Karamatić
Gutsy/amd64 is affected too.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Andrew Martin
Confirmed on feisty AMD64 (i386 isn't affected, AMD64 is).

** Also affects: linux-source-2.6.20 (Ubuntu)
   Importance: Undecided
   Status: New



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Ante Karamatić
I also confirm that suggested hotfix fixes the problem until next
reboot, of course.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread steve.tardonia
[EMAIL PROTECTED]:~/bin$ gcc exploitsrv.c -o exploitsrv
[EMAIL PROTECTED]:~/bin$ whoami
steve
[EMAIL PROTECTED]:~/bin$ ./exploitsrv
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e44000 .. 0xb7e76000
[+] root
[EMAIL PROTECTED]:~/bin# uname -a
Linux genesis 2.6.22-14-server #1 SMP Fri Feb 1 05:28:54 UTC 2008 i686 GNU/Linux
[EMAIL PROTECTED]:~/bin#



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Luis Alcaraz Leal
Luis Alcaraz (Mexico)
Confirmed on Ubuntu 7.10 2.6.22-14-generic
---
[EMAIL PROTECTED]:~$ vim exploit.c
[EMAIL PROTECTED]:~$ gcc exploit.c -o exploit
[EMAIL PROTECTED]:~$ whoami
lalcaraz
[EMAIL PROTECTED]:~$ ./exploit 
---
 Linux vmsplice Local Root Exploit
 By qaaz
---
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e29000 .. 0xb7e5b000
[+] root
[EMAIL PROTECTED]:~# whoami
root
[EMAIL PROTECTED]:~# uname -a
Linux lalcaraz-laptop 2.6.22-14-generic #1 SMP Fri Feb 1 04:59:50 UTC 2008 i686 GNU/Linux
[EMAIL PROTECTED]:~#



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Kees Cook
The Security Team is working on getting the fix built up.  We should
have updated kernels available shortly.

** Also affects: linux-source-2.6.17 (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux-source-2.6.17 (Ubuntu)
   Importance: Undecided => Critical
 Assignee: (unassigned) => Kees Cook (keescook)
   Status: New => In Progress

** Changed in: linux-source-2.6.20 (Ubuntu)
   Importance: Undecided => High
 Assignee: (unassigned) => Kees Cook (keescook)
   Status: New => In Progress

** Changed in: linux (Ubuntu)
   Importance: Critical => High
   Status: Confirmed => In Progress
   Target: None => hardy-alpha-5

** Changed in: linux-source-2.6.17 (Ubuntu)
   Importance: Critical => High

** Changed in: linux-source-2.6.22 (Ubuntu)
   Importance: Critical => High
 Assignee: (unassigned) => Kees Cook (keescook)
   Status: Confirmed => In Progress



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Fadi Kaba
Hi guys,

Just got a question in regards to the above theory. You have mentioned
that kernel 2.6.17-2.6.24 is affected, whereas a normal user has the
ability to log in as root with no password and sudo command, so my
question here is that I have two versions of the kernel on two separate
machines, 2.6.15-26 and 2.6.16; are these kernels affected as well?

If they are, what patch should we follow to stop this from happening?

I would be pleased if some expert could answer my query, as I am new to
Linux and security topics.

Thanks in advance
Fadi



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Kees Cook
For record, Dapper (2.6.15) is not affected.

Also, CVEs for these issues are:
CVE-2008-0009 (2.6.22+), CVE-2008-0010 (2.6.17+ -- see get_iovec_page_array 
prior to 2.6.22), CVE-2008-0600 (2.6.17+).


** Changed in: linux-source-2.6.15 (Ubuntu)
   Status: New => Invalid



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread William Pitcock
Hi,

This doesn't work, because it still creates a DoS condition when it
alters your memory map.

On Mon, 2008-02-11 at 07:08 +, slasher-fun wrote:
> Temporary fix :
>
> * Download http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
> * Compile it using gcc (so gcc disable-vmsplice-if-exploitable.c -o
> rm_exploit) as normal user
> * Run it as normal user
> -- You are now protected until the next reboot of the system




[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread slasher-fun
Just some corrections to my previous post :

Line 4 :
* Compile it using gcc (so gcc disable-vmsplice-if-exploitable.c -o 
rm_exploit without the quotes) as normal user
Line 5 :
* Run it as normal user (./rm_exploit without the quotes)



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Fadi Kaba
Thanks Ante,
How did you test kernel 2.6.15 I have a machine here with kernel 2.6.16 and
might test on it

On Feb 11, 2008 5:47 PM, Ante Karamatić [EMAIL PROTECTED] wrote:

> Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
> shouldn't be affected.
>
> --
> Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
> https://bugs.launchpad.net/bugs/190587
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Source Package linux in Ubuntu: In Progress
> Status in Source Package linux-source-2.6.17 in Ubuntu: In Progress
> Status in Source Package linux-source-2.6.20 in Ubuntu: In Progress
> Status in Source Package linux-source-2.6.22 in Ubuntu: In Progress
> Status in Debian GNU/Linux: Unknown
> Status in Source Package linux in Fedora: Unknown
> Status in Gentoo Linux: Unknown
> Status in Mandriva Linux: Unknown
>
> Bug description:
> https://bugs.gentoo.org/show_bug.cgi?id=209460 works on at least Hardy
> 2.6.24-7, Edgy 2.6.17-12, but not on Feisty 2.6.20-16.



-- 
Regards,
Fadi Kaba
[EMAIL PROTECTED]


[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Ante Karamatić
Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
shouldn't be affected.



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Chris Samuel
** Bug watch added: Mandriva Linux #37678
   http://qa.mandriva.com/show_bug.cgi?id=37678

** Also affects: mandriva via
   http://qa.mandriva.com/show_bug.cgi?id=37678
   Importance: Unknown
   Status: Unknown



Re: [Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Fadi Kaba
2008/2/11 Fadi Kaba [EMAIL PROTECTED]:

 Thanks Ante,
 How did you test kernel 2.6.15? I have a machine here with kernel 2.6.16 and
 might test on it


 On Feb 11, 2008 5:47 PM, Ante Karamatić [EMAIL PROTECTED] wrote:

  Fadi, no, 2.6.15 isn't affected. I can't test 2.6.16, but it also
  shouldn't be affected.
 
  --
  Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)
  https://bugs.launchpad.net/bugs/190587
  You received this bug notification because you are a direct subscriber
  of the bug.
 
  Status in Source Package linux in Ubuntu: In Progress
  Status in Source Package linux-source-2.6.17 in Ubuntu: In Progress
  Status in Source Package linux-source-2.6.20 in Ubuntu: In Progress
  Status in Source Package linux-source-2.6.22 in Ubuntu: In Progress
  Status in Debian GNU/Linux: Unknown
  Status in Source Package linux in Fedora: Unknown
  Status in Gentoo Linux: Unknown
  Status in Mandriva Linux: Unknown
 
  Bug description:
  https://bugs.gentoo.org/show_bug.cgi?id=209460 works on at least Hardy
  2.6.24-7, Edgy 2.6.17-12, but not on Feisty 2.6.20-16.
 



 --
 Regards,
 Fadi Kaba
 [EMAIL PROTECTED]



-- 
Regards,
Fadi Kaba
[EMAIL PROTECTED]


[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread slasher-fun
Temporary fix:

* Download http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
* Compile it using gcc (so gcc disable-vmsplice-if-exploitable.c -o rm_exploit) as normal user
* Run it as normal user
-- You are now protected until the next reboot of the system



[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

2008-02-10 Thread Kees Cook
** Also affects: linux-source-2.6.15 (Ubuntu)
   Importance: Undecided
   Status: New
