[Triumf-linux-managers] linux kernel exploit (fwd)

Andrew Daviel advax@triumf.ca
Thu, 20 Jul 2006 12:18:43 -0700 (PDT)


On Thu, 20 Jul 2006, Konstantin Olchanski wrote:

> You overwhelmed us with information here. Where is the CVE reference? What
> kernels and distributions are affected? (Surely Linux 0.99 is safe?)

OK, so I didn't expand on the message. It did mention 2.6 though.

There are 2 exploits which may be implicated in the LCG break-ins (also
ptrace in RH7.4)

http://securitydot.net/xpl/exploits/vulnerabilities/articles/1167/exploit.html
Linux Kernel <= 2.6.17.4 (/proc) Local Root Exploit

http://securitydot.net/xpl/exploits/vulnerabilities/articles/1158/exploit.html
Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit
CVE-2006-2451

http://securitydot.net/xpl/exploits/vulnerabilities/articles/1159/exploit.html
Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit 2


CVE-2006-2451 appears to have been addressed by Red Hat in a kernel update
released July 7th, e.g. kernel-2.6.9-34.0.2.EL.i686.rpm

People running 2.6 kernels (uname -r) should check that this patch is
applied (will require a reboot).
Yum may add the new kernel to /etc/grub.conf but a reboot is required to
use it.

The /proc exploit does not yet appear to have been addressed, as per
https://www.redhat.com/archives/enterprise-watch-list/2006-July/thread.html






-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
security@triumf.ca
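
Added example, not part of the original message: a POSIX shell check for the step described above, telling apart a host that still runs a kernel older than the build named in the message from one where the update is installed in /etc/grub.conf but not yet booted. The function names, the legacy GRUB stanza layout and the simplified numeric version comparison (not rpm's full algorithm) are assumptions; the baseline only applies to the 2.6.9-x.EL series and says nothing about the /proc issue.

```shell
#!/bin/sh
# Added example (constructed): is the patched kernel actually running?
FIXED_BASELINE="2.6.9-34.0.2.EL"   # build the message gives for CVE-2006-2451

# Exit 0 if version-release $1 is older than $2. Compares only the numeric
# fields before the first letter ("2.6.9-34.0.2.ELsmp" -> 2 6 9 34 0 2).
kernel_older_than() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[A-Za-z].*/, "", a); sub(/[A-Za-z].*/, "", b)
        na = split(a, fa, /[^0-9]+/); nb = split(b, fb, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = fa[i] + 0; y = fb[i] + 0   # missing fields count as 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1                             # equal, so not older
    }'
}

# Print the kernel version that the default= entry of a legacy GRUB
# config will boot next (default is a 0-based index into the title stanzas).
grub_default_kernel() {
    awk '
        /^[ \t]*default[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); def = $0 + 0 }
        /^[ \t]*title[ \t]/     { idx++ }
        /^[ \t]*kernel[ \t]/    { k[idx] = $2 }
        END { v = k[def + 1]; sub(/^.*vmlinuz-/, "", v); print v }
    ' "${1:-/etc/grub.conf}"
}

# Print OK, REBOOT-PENDING or UNPATCHED for a running kernel ($1, default
# uname -r) against the GRUB config ($2, default /etc/grub.conf).
kernel_status() {
    running=${1:-$(uname -r)}
    next=$(grub_default_kernel "${2:-/etc/grub.conf}")
    if ! kernel_older_than "$running" "$FIXED_BASELINE"; then
        echo "OK running=$running"
    elif [ -n "$next" ] && ! kernel_older_than "$next" "$FIXED_BASELINE"; then
        echo "REBOOT-PENDING running=$running next=$next"
    else
        echo "UNPATCHED running=$running"
    fi
}
# Usage on a host: kernel_status
```
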