| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Hi all hardened users. |
| 5 |
|
| 6 |
On Oct. 19, a local privilege escalation exploit was found [1,2] that |
| 7 |
affected hardened kernels on all architectures. For certain |
| 8 |
configurations of the hardened kernel, it is possible for a local user |
| 9 |
to obtain root privileges. The current Proof-Of-Concept code can be |
| 10 |
frustrated by not providing symbol information via /proc/kallsyms or |
| 11 |
System.map, but at this time it is unclear if other hardening |
| 12 |
features such as CONFIG_PAX_MEMORY_UDEREF provide adequate protection |
| 13 |
against variations of the POC which do not need symbols. |
| 14 |
|
| 15 |
All users are encouraged to upgrade to hardened-sources-2.6.32-r22 |
| 16 |
which is currently marked stable on amd64 and x86. It is being fast |
| 17 |
tracked on other archs. [3] |
| 18 |
|
| 19 |
hardened-sources-2.6.35-r4 is also not vulnerable, but cannot be |
| 20 |
stabilized yet because of a bug in dhcp which also affects |
| 21 |
gentoo-sources-2.6.35-r4. [4] For those who want kernels > .32 and |
| 22 |
can live with the minor bug, you can safely use |
| 23 |
hardened-sources-2.6.35-r4. |
| 24 |
|
| 25 |
Later this week, all ebuild for vulnerable kernels will be removed |
| 26 |
from the tree, except for hardened-sources-2.6.34-r6 |
| 27 |
hardened-sources-2.6.32-r9 and hardened-sources-2.6.28-r9. These will |
| 28 |
be kept for continuity. |
| 29 |
|
| 30 |
|
| 31 |
Ref: |
| 32 |
|
| 33 |
[1] http://www.vsecurity.com/resources/advisory/20101019-1/ |
| 34 |
|
| 35 |
[2] http://bugs.gentoo.org/show_bug.cgi?id=341801 |
| 36 |
|
| 37 |
[3] http://bugs.gentoo.org/show_bug.cgi?id=341915 |
| 38 |
|
| 39 |
[4] http://bugs.gentoo.org/show_bug.cgi?id=334341 |
| 40 |
|
| 41 |
- -- |
| 42 |
Anthony G. Basile, Ph.D. |
| 43 |
Gentoo Developer |
| 44 |
-----BEGIN PGP SIGNATURE----- |
| 45 |
Version: GnuPG v2.0.16 (GNU/Linux) |
| 46 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 47 |
|
| 48 |
iEYEARECAAYFAkzBc6QACgkQl5yvQNBFVTW5ZACfYee41wo/CB227ZWrt2X5x4sG |
| 49 |
vxoAoKGpVvtXB48Sl/urvqqPenjpiq3x |
| 50 |
=P+g7 |
| 51 |
-----END PGP SIGNATURE----- |
Archives