Gentoo Archives: gentoo-security

From: Frank Reich <hoshifr@×××.net>
To: gentoo-security@l.g.o
Subject: [gentoo-security] kernel bug #59378 fixed?
Date: Mon, 09 Aug 2004 19:54:54
Message-Id: 4117D624.4060307@gmx.net

Hello.

I have a question regarding the recent file offset pointer handling
vulnerability of all kernels <= 2.4.26 and <= 2.6.7. It's supposed to be
fixed with gentoo-dev-sources-2.6.7-r12, which I'm running now.

Well, before I updated to the r12 I used the r11. I tested the
demo-exploit from Paul Starzetz
(http://isec.pl/vulnerabilities/isec-0016-procleaks.txt) and got this
output (something like this):

$ ./proc_kmem_dump <very_large_uncached_file>

[+] mmaped uncached file at 0x4013f000 - 0x727f2000
[+] mmaped kernel data file at 0x727f3000
[+] Race won!
[+] READ 208 bytes in 2841381 usec

I simply guessed that "race won" isn't really that good. So, I updated
and then tested again with the same effect/output!

Shouldn't the output be something different in one of the two cases, since
only the r12 has the fix included?

Regards, Frank.

PS: I wonder why doesn't the demo-exploit just say: "your kernel is
vulnerable?"

--
gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] kernel bug #59378 fixed? Benjamin Martin <outrage@×××.net>
Re: [gentoo-security] kernel bug #59378 fixed? Sune Kloppenborg Jeppesen <jaervosz@g.o>
Re: [gentoo-security] kernel bug #59378 fixed? Marc Ballarin <Ballarin.Marc@×××.de>