LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Exploit fails =/> not vulnerable

Exploit fails =/> not vulnerable

Posted Sep 23, 2010 15:50 UTC (Thu) by price (subscriber, #59790)
In reply to: Distribution security response times by jengelh
Parent article: Distribution security response times

You can never rely on an exploit failing to tell you that a system is not vulnerable -- it may fail for some dumb reason that a skilled attacker could fix.

Novell says "SUSE Linux Enterprise Server 9, 10, 11, all service packs, and also openSUSE 11.1 - 11.3" are all affected.

I don't have a SUSE machine handy, nor SUSE kernel sources, so I can't confirm what the story is -- they may just mean they're in the same boat as RHEL 4, where they don't have compat_mc_getsockopt() but there may be other compat_alloc_user_space() call sites that are vulnerable. That'd take some real work to exploit, if it's possible at all. But I'd bet that at least the newer releases do have compat_mc_getsockopt() and are vulnerable (before yesterday's update), and that it wouldn't be too hard to modify ABftw.c to work.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds