-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Frank,

With -r12 you should be fine. I just brought this up with plasmaroo (kernel
maintainer). Here is what he has to say:

[22:25:52] <@plasmaroo> jaervosz: What file is it getting run on? I believe it
has to be a /proc.
[22:27:03] <@plasmaroo> jaervosz: Also; it's missing output.
[22:27:40] <@jaervosz> plasmaroo: seems like it should be proc, will you give
a short answer?
[22:27:41] <@plasmaroo> printf("\n[+] SUCCESS, lseek fails, reading kernel
mem...\n"); << That should get run on a vulnerable kernel!
[22:27:53] <@plasmaroo> jaervosz: And it's not in the output.
[22:28:17] <@jaervosz> but -r11 is vulnerable afair ?
[22:28:18] <@plasmaroo> jaervosz: I'm not on list so if you just want to paste
in my reply it would be very nice :-)
[22:28:26] <@jaervosz> ahh ok
[22:28:27] <@plasmaroo> It should be, correct.

On Monday 09 August 2004 21:53, Frank Reich wrote:
> Hello.
>
> I have a question regarding the recent file offset pointer handling
> vulnerability of all kernels <= 2.4.26 and <= 2.6.7. It's supposed to be
> fixed with gentoo-dev-sources-2.6.7-r12, which I'm running now.
>
> Well, before I updated to the r12 I used the r11. I tested the
> demo-exploit from Paul Starzetz
> (http://isec.pl/vulnerabilities/isec-0016-procleaks.txt) and got this
> output (something like this):
>
> $ ./proc_kmem_dump <very_large_uncached_file>
>
> [+] mmaped uncached file at 0x4013f000 - 0x727f2000
> [+] mmaped kernel data file at 0x727f3000
> [+] Race won!
> [+] READ 208 bytes in 2841381 usec
>
> I simply guessed that "race won" isn't really that good. So, I updated
> and then tested again with the same effect/output!
>
> Shouldn't the output be something different in one of the two cases, since
> only the r12 has the fix included?
>
> Regards, Frank.
>
> PS: I wonder why the demo-exploit doesn't just say: "your kernel is
> vulnerable?"
>
> --
> gentoo-security@g.o mailing list

- --
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBF99VzKC5hMHO6rkRAlfuAJ9T52uWgRjQUhxwbwpikD/QXD+d4gCfen8j
7hGcXDn6djcAkIlhpElhoJk=
=FJwg
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list