Which kernels are vulnerable?
Hi all,
Had an argument over the weekend about which kernels are vulnerable to
the exploit that was used to take gluck down. I maintained that only
kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, but in the end I
proved myself wrong when I took the exploit code, changed the line
that says:
prctl(PR_SET_DUMPABLE, 2)
to
prctl(PR_SET_DUMPABLE, 1)
and ran it on a sarge box running 2.6.8 (not sure exactly which
version), and STILL got a root prompt back. This sarge machine runs
the kernel it was installed with, that is, the one on the 3.1r0a CD
image (I need to upgrade it obviously).
I then tried the same modified exploit on a vulnerable 2.6.15, and it
failed (i.e., on 2.6.15 it only succeeds if you call it with
PR_SET_DUMPABLE argument = 2).
My questions: is this a different bug? When was it fixed and what are
the relevant advisory numbers?
regards,
Izak