distro update progress

Posted Feb 12, 2008 1:13 UTC (Tue) by dougg (guest, #1894)
Parent article: vmsplice(): the making of a local root exploit

Looks like Debian is first out of the blocks. [Several of my machines running Debian etch 4.0
(i386) have new kernels (2.6.18) now. Sadly my slug (NSLU2) running etch 4.0 has not yet been
fixed.] As I write there has been no update for Fedora 8 or Ubuntu server 7.10 ...


distro update progress

Posted Feb 12, 2008 1:30 UTC (Tue) by corbet (editor, #1) [Link]

Fedora updates are in our mailbox now, haven't seen a whole lot of others yet.

distro update progress

Posted Feb 12, 2008 1:37 UTC (Tue) by jengelh (subscriber, #33263) [Link]

"suser-jengelh/SUSE-10.3" repository updated as of Feb 12 01:18 UTC.

distro update progress

Posted Feb 12, 2008 2:09 UTC (Tue) by mrons (subscriber, #1751) [Link]

I took the Fedora update kernel-2.6.23.15-137.fc8 straight from the build system
(koji.fedoraproject.org) about 21 hours ago.

I couldn't wait for it to be distributed to the mirrors, I have lots of students with shell
accounts that read slashdot!

distro update progress

Posted Feb 12, 2008 8:17 UTC (Tue) by nix (subscriber, #2304) [Link]

It is too late. Now you have lots of new co-system-administrators. ;)

distro update progress

Posted Feb 12, 2008 11:49 UTC (Tue) by Velmont (guest, #46433) [Link]

You could always have used the quick hotfix to disable vmsplice (no reboot necessary):

http://www.ping.uio.no/~mortehu/disable-vmsplice-if-explo...

distro update progress

Posted Feb 12, 2008 18:58 UTC (Tue) by incase (guest, #37115) [Link]

That "fix" is even worse than the problem itself:
It first tries whether the exploit works and overwrites parts of kernel memory on the way.
If your machine only has few and trusted users, don't use it. If you have untrusted users (or
anticipate having some remote exploit allowing the attacker to execute his code under some
(non-root) account), it would be better to shut down the machine until you have an updated
kernel installed. Either by patching your kernel yourself or by installing a distribution
kernel with the fixes in it.

distro update progress

Posted Feb 13, 2008 10:52 UTC (Wed) by Velmont (guest, #46433) [Link]

If you use the new hotfix, it will *not* use the exploit to get root but just disable
vmsplice.

Morten Hustveit made the patch while waiting for a pizza delivery, and didn't look at the
exploit - now the second version enables sysadmins to disable vmsplice more securely. ;-)

distro update progress

Posted Feb 12, 2008 4:25 UTC (Tue) by pr1268 (subscriber, #24648) [Link]

Slackware patched the kernel for both -current and -stable as of 0100 UTC (6:00 PM CST), according to the ChangeLogs -current and -stable.

The -current fix involves upgrading to Kernel 2.6.23.16, whereas the -stable fix appears to be a backported patch to 2.6.21.5 (which shipped with Slackware 12.0 back in July).

distro update progress

Posted Feb 12, 2008 5:38 UTC (Tue) by afalko (guest, #37028) [Link]

For all those curious about Gentoo:

I use vanilla-sources-2.6.24 in Gentoo; I needed to package.keyword vanilla-sources and mask
2.6.25.

gentoo-sources, which is supported by Gentoo security, had 2.6.23.16 kernel stable within about
a day and a half.

distro update progress

Posted Feb 12, 2008 7:38 UTC (Tue) by jmm (subscriber, #34596) [Link]

Updates for arm will be released soon. They're built from the same source package as the other
kernel images, but since arm is slow to compile and rarely used in a multiuser environment we
decided to go ahead with the other archs.

distro update progress

Posted Feb 12, 2008 22:40 UTC (Tue) by man_ls (guest, #15091) [Link]

My slug (NSLU2) running etch is now updated with linux-image-2.6.18-6-ixp4xx. Thanks! Debian rocks (as usual).

for the record

Posted Feb 23, 2008 22:06 UTC (Sat) by gvy (guest, #11981) [Link]

* Sun Feb 10 2008 Sergey Vlasov <vsu@altlinux> 2.6.18-alt12
- Security-related changes:
  + CVE-2008-0600: splice: fix user pointer access in get_iovec_page_array()
  + check iovec buffers in __bio_map_user_iov() (fixes issue with SG_IO)
  + guard against attempts to call get_user_pages() for 0 pages
