Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Linux Kernel Vulnerability ... 2.6.24.1 and prior InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Linux Kernel Vulnerability ... 2.6.24.1 and prior

Published: 2008-02-11
Last Updated: 2008-02-11 21:05:49 UTC
by Mari Nichols (Version: 3)
0 comment(s)

From the “batten the hatches department” (borrowed from slashdot), it seems like we have been doing a lot of battening lately and will do even more in the next…um, week or so?  Here is one for the Linux people on pre-patch Tuesday, oh my…

One of our readers, Chris, said, “http://it.slashdot.org/it/08/02/10/2011257.shtml apparently affecting RHEL5 and OpenSuSE 10.3 amongst other popular distributions, could be rather bad news.”

Gordon sent us this quote from Slashdot:  "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice."

Here is the Security Focus Data: 

http://www.securityfocus.com/bid/27704/discuss

http://www.securityfocus.com/bid/27704/solution

So get busy people… we will keep you updated!  Send any comments here.

Update 1:  James gave us the link for the latest stable version of Linux Kernel is 2.6.24.2

Update 2:  RB wrote in and said, "Kernels using the grsecurity patches (eg. Gentoo hardened-sources) that are appropriately configured are not vulnerable to this.  According to the author, PAX_MEMORY_UDEREF is the critical component, among others.  I've verified this on several 2.6.23.14 32 and 64-bit systems."

 

 

Keywords:
0 comment(s)
Diary Archives