Archive for February, 2008

Kernel privilege escalation links

February 11, 2008

Hey Kevin, Veter, whoever’s reading this. There’s an exploit going around, and almost every Linux kernel from 2.6.17 to 2.6.24.1 is vulnerable. It lets a user with access to a compiler compile one .c file and run it to become root.

The exploit: http://www.milw0rm.com/exploits/5092

(to use it, save the code, run: gcc filename-of-saved.c -o whatever && ./whatever )

The in-memory fix: http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c

This does fix the vmsplice exploit, and you compile and run it the same way you run the exploit, but it seems that it may also open up a DoS condition… Not sure which is worse or if it’s worth the risk.

The upstream kernel fixes: http://tinyurl.com/2kd7u3 & http://tinyurl.com/2uyymj

These are the fixes if you choose to compile a kernel; the 2.6.24.2 kernel already has the fixes in.

There should be new kernel packages in all the distros by mid-week (we mainly run CentOS… and I’m assuming they will probably have the packages in by Wednesday at the latest), but in order for them to apply, we’d need to reboot the servers.

As a final side note, NO FREEBSD SERVERS ARE VULNERABLE. 🙂
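
A quick triage check for the version range given above, as an added example that is not part of the original post: it classifies a kernel release string against 2.6.17 through 2.6.24.1 and reports on the running kernel. The function names and labels are made up for illustration, and a distro kernel that reports an in-range version may already carry a backported fix, so treat `in-range` as "check the vendor advisory".

```shell
#!/bin/sh
# Added example: names and labels here are illustrative, not from the post.
# Range per the post: 2.6.17 through 2.6.24.1 affected; 2.6.24.2 has the fixes.

# Turn "2.6.18-53.1.13.el5" into one comparable integer (2006018000).
# Runs in a subshell so IFS and positional parameters stay local.
kver_key() (
    base=${1%%-*}                    # drop distro/build suffix after first '-'
    case $base in
        ''|*[!0-9.]*) exit 1 ;;      # not a dotted numeric version
    esac
    IFS=.
    set -- $base                     # split into major minor patch stable
    echo $(( ((${1:-0} * 1000 + ${2:-0}) * 1000 + ${3:-0}) * 1000 + ${4:-0} ))
)

# Print below-range, in-range, above-range or unknown for a release string.
vmsplice_range_check() {
    key=$(kver_key "$1") || { echo unknown; return 0; }
    if [ "$key" -lt "$(kver_key 2.6.17)" ]; then
        echo below-range
    elif [ "$key" -le "$(kver_key 2.6.24.1)" ]; then
        echo in-range
    else
        echo above-range
    fi
}

# Report on the running kernel. A fixed package on disk changes nothing
# until the host boots into it, so judge `uname -r`, not the package list.
running=$(uname -r)
echo "running kernel: $running -> $(vmsplice_range_check "$running")"
# On RPM-based distros such as CentOS, list installed kernels for comparison.
if command -v rpm >/dev/null 2>&1; then
    rpm -q kernel || true
fi
```

If the installed package list shows a newer kernel than `uname -r` reports, the host is still waiting on its reboot.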