Hi maybe when you do the upgrade keeps back the linux-image* package. the one it fix this vulnerability is:
linux-image-3.16.0-4-amd64 3.16.36-1+deb8u2 amd64 Linux 3.16 for 64-bit PCs Linux mail 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux -- Matias Mucciolo Area de Infraestructura. Piedras 737 C.A.B.A SUTEBA On Monday 07 November 2016 19:45:57 Ozgur wrote: > Hello Salvatore, > > I updated the Debian system and again exploit it successful. > > $ sudo apt-get update > $ sudo apt-get upgrade > $ sudo apt-get dist-upgrade > > $ cat /etc/debian_version > 8.6 > $ uname -ar > Linux x 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 > GNU/Linux > > Test: > > $ ./dirtyc0w /etc/resolv.conf blabla (not root, normal user) > mmap 7faddc3f2000 > madvise 0 > > procselfmem 600000000 > > $ cat /etc/resolv.conf > blabla8.8.8.8 > > Do I have to reinstall new Debian's? > > ~$ cat /etc/apt/sources.list > > deb http://security.debian.org/ jessie/updates main contrib > deb-src http://security.debian.org/ jessie/updates main contrib > > deb http://ftp.debian.org/debian/ jessie-updates main contrib > deb-src http://ftp.debian.org/debian/ jessie-updates main contrib > > deb http://ftp.debian.org/debian/ jessie main contrib > deb-src http://ftp.debian.org/debian/ jessie main contrib > > Regards, > > ~ Ozgur > > > 2016-11-07 19:09 GMT+03:00 Salvatore Bonaccorso <car...@debian.org>: > > > Hi, > > > > On Mon, Nov 07, 2016 at 06:54:55PM +0300, Ozgur wrote: > > > Hi all, > > > > > > I have been reading security articles and I seen a test with Debian Linux > > > vulnerability of kernel. I tested and given a successful exploit. > > > > > > List a vuln: > > > > > > https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs > > > > > > My testing: > > > > > > dirtycow.c (status: success) > > > cowroot.c (status: success) > > > > > > For example, I have installed Debian and kernel version are as follow: > > > > > > Linux 3.16.0-4-amd64 (Debian 8.6) > > > > > > I created a "zoo" file with root privileges and locked a file: > > > > > > # echo I'm a root > foo > > > # chmod 0404 foo > > > # ls -la foo > > > -r-----r-- 1 root root 11 Nov 7 10:13 foo > > > > > > then I'm return my user (not root) and I downloaded the exploit script > > and > > > run it: > > > > > > $ gcc -pthread dirtyc0w.c -o dirtyc0w > > > $ ./dirtyc0w foo blabla > > > $ cat foo > > > blabla > > > > > > what is the suggestion on this exploit? > > > > Have you installed the Kernel update as per the security advisory > > DSA-3696-1? Which kernel image do you have installed, which kernel is > > running? > > > > [0] https://www.debian.org/security/2016/dsa-3696 > > > > Regards, > > Salvatore > > > > > > -- > Ozgur
