On 14 May 2013 19:41, Gerald Turner <gtur...@unzane.com> wrote:
> Gavin <netmatt...@gmail.com> writes:
>> On 14 May 2013 18:36, John Andreasson <andreassonj...@gmail.com> wrote:
>>> Was just alerted of a kernel bug in RHEL [1], but when testing the
>>> sample code on Wheezy as an unprivileged user it successfully gives
>>> me a root prompt. Kind of suboptimal. :-(
>>>
>>> Any idea when this is fixed?
>>>
>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792
>>
>> Hi John,
>>
>> I'm unable to replicate this 'issue' on my up to date Wheezy laptop.
>>
>> gavin@caelyn:~$ uname -a
>> Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
>>
>> When I run the compiled binary of this exploit as my unprivileged user
>> I get the following error:-
>>
>> gavin@caelyn:~$ ./getroot
>> 2.6.37-3.x x86_64
>> sd@f***sheep.org 2010
>> getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024,
>> &needle, 8)' failed.
>> Aborted
>>
>> What kernel are you able to replicate this bug with?
>
> At first I thought the same thing, however compile with -O2:
>
> $ gcc -O2 semtex.c && ./a.out
> 2.6.37-3.x x86_64
> s...@fucksheep.org 2010
> root@xo-laptop:/tmp# uname -a
> Linux xo-laptop 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

Ok, if I compile with the -O2 then I don't get a root shell, however my
kernel panics with:-

BUG: unable to handle kernel paging request at xxxxxxxxxxxxx.

Still not ideal.

Thanks for the heads-up!