Gentoo Archives: gentoo-security

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] kernel bug #59378 fixed?
Date: Mon, 09 Aug 2004 20:33:27
Message-Id: 200408092232.25457.jaervosz@gentoo.org
In Reply to: [gentoo-security] kernel bug #59378 fixed? by Frank Reich

Hi Frank,

With -r12 you should be fine. I just brought this up with plasmaroo (kernel
maintainer). Here is what he has to say:

[22:25:52] <@plasmaroo> jaervosz: What file is it getting run on? I believe it has to be a /proc.
[22:27:03] <@plasmaroo> jaervosz: Also; it's missing output.
[22:27:40] <@jaervosz> plasmaroo: seems like it should be proc, will you give a short answer?
[22:27:41] <@plasmaroo> printf("\n[+] SUCCESS, lseek fails, reading kernel mem...\n"); << That should get run on a vulnerable kernel!
[22:27:53] <@plasmaroo> jaervosz: And it's not in the output.
[22:28:17] <@jaervosz> but -r11 is vulnerable afair ?
[22:28:18] <@plasmaroo> jaervosz: I'm not on list so if you just want to paste in my reply it would be very nice :-)
[22:28:26] <@jaervosz> ahh ok
[22:28:27] <@plasmaroo> It should be, correct.

On Monday 09 August 2004 21:53, Frank Reich wrote:
> Hello.
>
> I have a question regarding the recent file offset pointer handling
> vulnerability of all kernels <= 2.4.26 and <= 2.6.7. It's supposed to be
> fixed with gentoo-dev-sources-2.6.7-r12, which I'm running now.
>
> Well, before I updated to the r12 I used the r11. I tested the
> demo-exploit from Paul Starzetz
> (http://isec.pl/vulnerabilities/isec-0016-procleaks.txt) and got this
> output (something like this):
>
> $ ./proc_kmem_dump <very_large_uncached_file>
>
> [+] mmaped uncached file at 0x4013f000 - 0x727f2000
> [+] mmaped kernel data file at 0x727f3000
> [+] Race won!
> [+] READ 208 bytes in 2841381 usec
>
> I simply guessed that "race won" isn't really that good. So, I updated
> and then tested again with the same effect/output!
>
> Shouldn't the output be something different in the two cases, since
> only the r12 has the fix included?
>
> Regards, Frank.
>
> PS: I wonder why the demo-exploit doesn't just say: "your kernel is
> vulnerable?"

--
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team
