| ID | Category | Severity | Reproducibility | Date Submitted | Last Update |
| 0002667 | [CentOS-5] kernel-PAE | major | always | 2008-02-10 23:34 | 2008-02-13 22:51 |
| Reporter | jtimberman | View Status | public |
| Assigned To | |
| Priority | normal | Resolution | fixed |
| Status | resolved | Product Version | 5.1 |
| Summary | 0002667: Local root exploit in kernel vmsplice |
| Description |
This was reported on Slashdot, and there are bug reports open for Ubuntu, Debian and Gentoo. The proof of concept code by milw0rm didn't work, but the code posted on the Gentoo site did.

$ uname -r
2.6.18-53.1.4.el5.centos.plusPAE
$ whoami
jtimberman
$ gcc vmsplice.c -o vmsplice
$ ./vmsplice
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f8c000 .. 0xb7fbe000
[+] root
$ whoami
root
$ id
uid=0(root) gid=0(root) groups=10(wheel),100(users) context=user_u:system_r:unconfined_t
$ exit
$ id
uid=502(jtimberman) gid=10(wheel) groups=10(wheel),100(users) context=user_u:system_r:unconfined_t
| Additional Information |
Gentoo bug report: https://bugs.gentoo.org/show_bug.cgi?id=209460
Code used in above: https://bugs.gentoo.org/attachment.cgi?id=143059&action=view
Notes |
(0006866) jtimberman (reporter) 2008-02-10 23:36
This is also on Red Hat's bugzilla, so I expect updates coming downstream to CentOS soon?
https://bugzilla.redhat.com/show_bug.cgi?id=432251

(0006875) Lovingod (reporter) 2008-02-12 13:47
Could you provide us with the deadline for this question? Approximate date or something?...

(0006878) jtimberman (reporter) 2008-02-12 19:37
No deadline, mainly an assumption that CentOS will patch for the vulnerability via patch from Red Hat.

(0006883) fskrotzki (reporter) 2008-02-13 16:05
Red Hat released fixes: https://rhn.redhat.com/errata/RHSA-2008-0129.html

(0006884) toracat (developer) 2008-02-13 16:52
So did CentOS:
http://lists.centos.org/pipermail/centos-announce/2008-February/014684.html
http://lists.centos.org/pipermail/centos-announce/2008-February/014685.html

Issue History |
| Date Modified | Username | Field | Change |
| 2008-02-10 23:34 | jtimberman | New Issue | |
| 2008-02-10 23:34 | jtimberman | Assigned To | => kbsingh@karan.org |
| 2008-02-10 23:36 | jtimberman | Note Added: 0006866 | |
| 2008-02-11 10:17 | range | Relationship added | duplicate of 0002666 |
| 2008-02-12 13:47 | Lovingod | Note Added: 0006875 | |
| 2008-02-12 19:37 | jtimberman | Note Added: 0006878 | |
| 2008-02-13 16:05 | fskrotzki | Note Added: 0006883 | |
| 2008-02-13 16:52 | toracat | Note Added: 0006884 | |
| 2008-02-13 22:51 | kbsingh@karan.org | Status | new => resolved |
| 2008-02-13 22:51 | kbsingh@karan.org | Fixed in Version | => 5.1 |
| 2008-02-13 22:51 | kbsingh@karan.org | Resolution | open => fixed |