Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] Linux kernel exploit
From: Marcus Meissner <meissner () suse de>
Date: Wed, 8 Dec 2010 15:26:56 +0100

On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:

 > Anyone tested this in sandbox yet?

00:37 linups:../expl/kernel > cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel > uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel > ./test
[*] Failed to open file descriptors.

openSUSE 11.2 and 11.3 do not have ECONET compiled,
openSUSE 11.1 has ECONET, but not the 0 ptr deref issue.

The CVE-2010-4258 problem is however in all openSUSEs.

Temporary workaround (for all distributions, not just openSUSE):
        echo 1 > /proc/sys/kernel/panic_on_oops
This will now panic the machine instead of making it exploitable.

Ciao, Marcus


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]