Hello.

I have a question regarding the recent file offset pointer handling
vulnerability of all kernels <= 2.4.26 and <= 2.6.7. It's supposed to be
fixed with gentoo-dev-sources-2.6.7-r12, which I'm running now.

Well, before I updated to the r12 I used the r11. I tested the
demo-exploit from Paul Starzetz
(http://isec.pl/vulnerabilities/isec-0016-procleaks.txt) and got this
output (something like this):

$ ./proc_kmem_dump <very_large_uncached_file>

[+] mmaped uncached file at 0x4013f000 - 0x727f2000
[+] mmaped kernel data file at 0x727f3000
[+] Race won!
[+] READ 208 bytes in 2841381 usec

I simply guessed that "race won" isn't really that good. So, I updated
and then tested again with the same effect/output!

Shouldn't the output be something different in one of the two cases, since
only the r12 has the fix included?

Regards, Frank.

PS: I wonder why the demo-exploit doesn't just say: "your kernel is
vulnerable?"

--
gentoo-security@g.o mailing list