[svlug] Security advisory: kernel 2.6.[17-24] vmsplice vulnerabilities

Warren Turkal wturkal at gmail.com
Wed Feb 27 15:54:51 PST 2008


Do you know the CVE number? It would probably help people find if
their distro has the fix or not.

Thanks,
wt

On Tue, Feb 26, 2008 at 12:39 AM, Rick Moen <rick at linuxmafia.com> wrote:
> This is a (slightly old) security mostly from two weeks ago, about
>  kernel vulnerabilities, all involving the vmsplice{} system call, that
>  permit easy local escalation to root-user privilege.[1]  (I notice nobody
>  mentioned it here, but figure it's severe enough that making sure
>  everyone is aware couldn't hurt.)  Any Linux machine with kernels 2.6.17
>  through 2.6.24 (maybe not literally all of those, but all of them
>  potentially) has a big problem; multiuser machines should be a
>  particular concern, but, hey, even on a single-user box, do you really
>  want arbitrary userspace code being able to escalate privilege to root?
>
>  Mainline kernel 2.6.24.2 fixed the problem -- as of course did vendor
>  kernel backports to earlier kernel versions.  _Your_ distro almost
>  certainly has (or recently had) a fix.  If in doubt, you should check to
>  see if you've received it (and rebooted).  Pre-2.6.17 kernels were never
>  affected (including 2.4.x), because they lack the vmsplice{} system
>  call.
>
>  (Just doing "uname -r" won't necessarily tell you enough.  For example,
>  the laptop in front of me reports "vmlinux-2.6.22-14-powerpc", which is
>  _not_ vulnerable because of a vendor backport.  Check your distro's
>  security advisories -- unless you prefer the direct approach of
>  compiling and running the exploit code: http://www.milw0rm.com/exploits/5092 )
>
>  Note:  If your system was vulnerable, and you weren't aware, then you
>  probably need to fix your system maintenance regime.
>
>
>  [1] It's a particularly tricky variant on regular stack overflows:
>  http://lwn.net/Articles/268783/
>  http://lwn.net/Articles/269532/
>
>
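The quoted advisory's point that "uname -r" alone is not conclusive can be turned into a first-pass triage. The following is an added example, not code from this thread: the function name and the result labels are hypothetical, and it encodes only the version ranges stated in the quoted message.

```shell
#!/bin/sh
# Added example: triage a kernel release string against the advisory's ranges.
# Prints one of:
#   not-affected-no-vmsplice  (older than 2.6.17, including 2.4.x)
#   check-vendor-advisory     (2.6.17 up to 2.6.24.1: a vendor backport may
#                              or may not be present, the string cannot say)
#   mainline-fixed            (2.6.24.2 or later)
#   unknown                   (no version number found in the string)
# Usage: vmsplice_triage "$(uname -r)"
vmsplice_triage() {
    rel=$1
    # Keep the leading dotted number only:
    #   "vmlinux-2.6.22-14-powerpc" -> "2.6.22"
    ver=$(printf '%s\n' "$rel" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi

    # Split on dots into major.minor.patch.stable; missing fields become 0.
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; stable=${4:-0}

    # Encode as one comparable integer (assumes each field is below 1000).
    n=$(( ((major * 1000 + minor) * 1000 + patch) * 1000 + stable ))

    if [ "$n" -lt 2006017000 ]; then
        echo not-affected-no-vmsplice
    elif [ "$n" -lt 2006024002 ]; then
        echo check-vendor-advisory
    else
        echo mainline-fixed
    fi
}
```

A "check-vendor-advisory" result is the case the quoted message describes for the 2.6.22-14 laptop kernel: the version falls in the affected range, so only the distro's security advisories or package changelog can confirm whether the fix was backported.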



