Fix for vmsplice exploit...
Alex Hewitt
hewitt_tech at comcast.net
Wed Feb 13 12:41:38 EST 2008
Just after I turned on my Ubuntu 7.10 laptop this morning, the update
manager informed me of a fix for the vmsplice exploit. The description:
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1
does not validate a certain userspace pointer before dereference, which
allows local users to gain root privileges via crafted arguments in a
vmsplice system call, a different vulnerability than CVE-2008-0009 and
CVE-2008-0010.
After rebooting I confirmed the fix by re-running the roothole program,
which failed. The output:
~$ ./roothole
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d82000 .. 0xb7db4000
[-] vmsplice: Bad address
$
-Alex
More information about the gnhlug-discuss mailing list