* Florian Weimer <[EMAIL PROTECTED]> wrote: > * Jens Schüßler: > > > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and > > build a new linux-image. But after installing an rebooting I still was > > able to become root with this exploit: > > http://milw0rm.com/exploits/5092 > > > > Can anyone reproduce this? > > Not in our tests. Are you sure you're running the new kernel? What > does "uname -a" say? $uname -a Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686 GNU/Linux
As I said, fresh compiled from the new sources-Packet [EMAIL PROTECTED]:~$ tmp/splice_ex ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7d92000 .. 0xb7dc4000 [+] root [EMAIL PROTECTED]:~# ?? > > Has this machine been upgraded from sarge? Then you need to edit > /etc/kernel-img.conf to adjust the path to update-grub (or just use > "update-grub" without path). update-grub runs normal, this postinstall line is there for long time. Greets Jens
