Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
man@centaur:~> cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1
Ac1dB1tCh3z VS Linux kernel 2.6 kernel 0d4y
$$$ Kallsyms +r
$$$ K3rn3l r3l3as3: 184.108.40.206-0.5-default
$$$ Kernel Credentials detected
$$$ K3rn3l per_cpu r3l0cs 3n4bl3d!
??? Trying the F0PPPPPPPPPPPPPPPPpppppppppp_____ m3th34d
$$$ w34p0n 0f ch01c3: F0PZzZzzz
$$$ Bu1ld1ng r1ngzer0c00l sh3llc0d3 - F0PZzzZzZZ/LSD(M) m3th34d
$$$ Prepare: m0rn1ng w0rk0ut b1tch3z
$$$ Us1ng cr3d s3ash3llc0d3z
$$$ 0p3n1ng th3 m4giq p0rt4l
$$$ m4q1c p0rt4l l3n f0und: 0x7ece73bc
$$$ 0v3r thr0w f0ps g0v3rnm3nt
!!! y0u fuq1ng f41l. g3t th3 fuq 0ut!
Distribution security response times
Posted Sep 23, 2010 11:37 UTC (Thu) by wookey (subscriber, #5501)
Posted Sep 23, 2010 11:55 UTC (Thu) by nix (subscriber, #2304)
Posted Sep 23, 2010 13:03 UTC (Thu) by jengelh (subscriber, #33263)
Exploit fails =/> not vulnerable
Posted Sep 23, 2010 15:50 UTC (Thu) by price (subscriber, #59790)
You can never rely on an exploit failing to tell you that a system is not vulnerable -- it may fail for some dumb reason that a skilled attacker could fix.
Novell says "SUSE Linux Enterprise Server 9, 10, 11, all service packs, and also openSUSE 11.1 - 11.3" are all affected.
I don't have a SUSE machine handy, nor SUSE kernel sources, so I can't confirm what the story is -- they may just mean they're in the same boat as RHEL 4, where they don't have compat_mc_getsockopt() but there may be other compat_alloc_user_space() call sites that are vulnerable. That'd take some real work to exploit, if it's possible at all. But I'd bet that at least the newer releases do have compat_mc_getsockopt() and are vulnerable (before yesterday's update), and that it wouldn't be too hard to modify ABftw.c to work.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds