[arch-general] Kernel Rootexploit

Thomas Bächler thomas at archlinux.org
Fri Sep 17 11:48:59 EDT 2010


On 17.09.2010 17:39, Moritz Rudert wrote:
> Hi everybody,
> unfortunately today a new root exploit appeared.
> 
> Look at: http://sota.gen.nz/compat2/
> 
> After some tests I can say: It works on Archlinux and Ubuntu, but not on
> Debian.
> 
> The "bugfix" found on http://seclists.org/fulldisclosure/2010/Sep/273
> does not work on Arch and Ubuntu.

There are actually two holes with two exploits. This workaround is for the
'compat1' exploit - which doesn't work on Arch, unlike compat2, which
works. If I understand this right, the following three patches fix the
problems:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=36d001c70d8a0144ac1d038f6876c484849a74de
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff&h=c41d68a513c71e35a14f66d71782d27a79a81ea6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eefdca043e8391dcd719711716492063030b55ac

I am building a new 64-bit kernel26 right now, but I don't know when I
can push this to the repositories, hopefully some time tonight.
