Kernel Update to Fix Local Root Exploit
The Slackware team has released some kernel patches to fix the local root exploit you have probably read about recently. It seems that the updated kernel was available yesterday, but a lot of people, including us, did not receive the security advisory email due to some recent work on the mail server.
Missed the news? You can catch up with the link above or read a quick report here. Several exploits in circulation allow a local user to gain root access by abusing the vmsplice problem.
An example of such an exploit in action was posted at KernelTrap. From that post:
From: Niki Denev <ndenev@...>
Subject: kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit
Date: Feb 10, 2:04 am 2008
Hi,
As the subject says the 2.6.24.1 is still vulnerable to the vmsplice
local root exploit.
[opa@test tmp]$ uname -a
Linux tester 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown
[opa@test tmp]$ ./vms
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f56000 .. 0xb7f88000
[+] root
[root@test tmp]#
[root@test tmp]# id
uid=0(root) gid=0(root) groups=2033(opa)
[root@test tmp]# uname -a
Linux test 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown
The Slackware FTP site has all the patches. For example, if your kernel is kernel-generic-smp-2.6.21.5_smp-i686, you can grab the corresponding patch here. Then apply the appropriate Slackware 12.0 patch by running as root:
upgradepkg kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
Be sure to update your bootloader as well.
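To confirm both steps above took effect, here is an added example (not from the original post or from Slackware) that checks the package database and the bootloader map. It assumes package records live in /var/log/packages and that the bootloader is LILO with its map at /boot/map; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the kernel patch named in the post.
# Assumptions: Slackware 12.0 keeps one record file per installed package in
# /var/log/packages, and the bootloader is LILO with its map file at /boot/map.

# Patched package from the post (record name = file name minus .tgz).
PATCHED_PKG="kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0"

# True if the patched package's record exists in the package database.
patched_pkg_installed() {   # $1 = package database directory
    [ -f "$1/$PATCHED_PKG" ]
}

# True if LILO must be rerun: the map is missing, or the package record
# (written at install time) is newer than the map LILO last wrote.
lilo_rerun_needed() {       # $1 = package database dir, $2 = LILO map file
    [ ! -e "$2" ] || [ "$1/$PATCHED_PKG" -nt "$2" ]
}

# Returns 0 = patched and bootloader refreshed, 1 = package missing,
# 2 = package installed but LILO not rerun since.
check_kernel_patch() {
    pkgdb=${1:-/var/log/packages}
    map=${2:-/boot/map}
    if ! patched_pkg_installed "$pkgdb"; then
        echo "MISSING: $PATCHED_PKG is not installed"
        return 1
    fi
    if lilo_rerun_needed "$pkgdb" "$map"; then
        echo "STALE: package installed after $map was written; rerun lilo"
        return 2
    fi
    # The package keeps version 2.6.21.5_smp and only bumps the build number,
    # so `uname -r` cannot confirm the fix; a reboot into the new image is
    # still required before the running kernel is the patched one.
    echo "OK: package installed and $map is newer; reboot if not done yet"
    return 0
}

# Usage on the patched machine: check_kernel_patch /var/log/packages /boot/map
```

A return code of 2 is the case the last step warns about: the package is on disk, but the machine would still boot the old, vulnerable image.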

