Exploit fails =/> not vulnerable
Posted Sep 23, 2010 15:50 UTC (Thu) by price
In reply to: Distribution security response times
Parent article: Distribution security response times
You can never rely on an exploit failing to tell you that a system is not vulnerable -- it may fail for some dumb reason that a skilled attacker could fix.
Novell says "SUSE Linux Enterprise Server 9, 10, 11, all service packs, and also openSUSE 11.1 - 11.3" are all affected.
I don't have a SUSE machine handy, nor SUSE kernel sources, so I can't confirm what the story is -- they may just mean they're in the same boat as RHEL 4, where they don't have compat_mc_getsockopt() but there may be other compat_alloc_user_space() call sites that are vulnerable. That'd take some real work to exploit, if it's possible at all. But I'd bet that at least the newer releases do have compat_mc_getsockopt() and are vulnerable (before yesterday's update), and that it wouldn't be too hard to modify ABftw.c to work.