Hi all.
I'm confirm exploit is working on Debian wheezy with kernel
3.2.0-4-rt-amd64 with gcc -O2 options
On 05/15/2013 12:20 AM, Gavin wrote:
On 14 May 2013 19:41, Gerald Turner<gtur...@unzane.com> wrote:
Gavin<netmatt...@gmail.com> writes:
On 14 May 2013 18:36, John Andreasson<andreassonj...@gmail.com> wrote:
Was just alerted of a kernel bug in RHEL [1], but when testing the
sample code on Wheezy as an unprivileged user it successfully gives
me a root prompt. Kind of suboptimal. :-(
Any idea when this is fixed?
[1] https://bugzilla.redhat.com/show_bug.cgi?id=962792
Hi John,
I'm unable to replicate this 'issue' on my up to date Wheezy laptop.
gavin@caelyn:~$ uname -a
Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
When I run the compiled binary of this exploit as my unprivileged user
I get the following error:-
gavin@caelyn:~$ ./getroot
2.6.37-3.x x86_64
sd@f***sheep.org 2010
getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024,
&needle, 8)' failed.
Aborted
What kernel are you able to replicate this bug with ?
At first I thought the same thing, however compile with -O2:
$ gcc -O2 semtex.c&& ./a.out
2.6.37-3.x x86_64
s...@fucksheep.org 2010
root@xo-laptop:/tmp# uname -a
Linux xo-laptop 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
Ok, if I compile with the -O2 then I don't get a root shell, however
my kernel panics with:-
BUG: unable to handle kernel paging request at xxxxxxxxxxxxx.
Still not ideal.
Thanks for the heads-up!
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/519307de.9050...@mail.ru
