Can we confirm whether or not the kernel is already installed? Is the
newest version in the kernel in /boot? It's unclear from what's been
said if the system has even been rebooted into the updated kernel.
On 11/07/2016 08:55 AM, Eduardo M KALINOWSKI wrote:
On Seg, 07 Nov 2016, Ozgur wrote:
I updated the Debian system and again exploit it successful.
No, you didn't. (Well, kinda)
$ uname -ar
Linux x 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03)
x86_64
GNU/Linux
That's not the latest version, and specifically is not the one in
which that vulnerability was fixed. You should have version
3.16.36-1+deb8u2 .
~$ cat /etc/apt/sources.list
deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib
deb http://ftp.debian.org/debian/ jessie-updates main contrib
deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
deb http://ftp.debian.org/debian/ jessie main contrib
deb-src http://ftp.debian.org/debian/ jessie main contrib
Your sources seem correct, though. What does "apt-cache policy
linux-image-3.16.0-4-amd64" says?
