FS#20876 : [kernel26] security alert x86

FS#20876 - [kernel26] security alert x86_64 Ac1db1tch3z exploit

Attached to Project: Arch Linux
Opened by Ike Devolder (BlackEagle) - Friday, 17 September 2010, 16:39 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 17 September 2010, 18:11 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	No-one
Architecture	x86_64
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

http://sota.gen.nz/compat2/
http://www.h-online.com/security/news/item/Hole-in-Linux-kernel-provides-root-rights-1081317.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081
http://seclists.org/fulldisclosure/2010/Sep/273

in short :: root access can be gained thru 32bit compatibility

Additional info:
* package version(s)
* config and/or log files etc.

Steps to reproduce:

use the exploit from one of the links:
http://sota.gen.nz/compat2/robert_you_suck.c

attached the commit in the kernel tree, you need to remove the tile stuff, in the attached one its already done.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git&a=commitdiff&h=c41d68a513c71e35a14f66d71782d27a79a81ea6

linux-2.6.git-c41d68a513c71e3... (7 KiB)

This task depends upon

Closed by Pierre Schmitz (Pierre)
Friday, 17 September 2010, 18:11 GMT
Reason for closing: Fixed
Additional comments about closing: already in [testing]

Comment by Ionut Biru (wonder) - Friday, 17 September 2010, 16:51 GMT

http://mailman.archlinux.org/pipermail/arch-dev-public/2010-September/017953.html

Comment by Ike Devolder (BlackEagle) - Friday, 17 September 2010, 17:23 GMT

ok sorry didnt read the mailinglist

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#20876 - [kernel26] security alert x86_64 Ac1db1tch3z exploit

Details

Loading...