
Which kernels are vulnerable?



Hi all,

Had an argument over the weekend about which kernels are vulnerable to
the exploit that was used to take gluck down.  I maintained that only
kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, but in the end I
proved myself wrong when I took the exploit code, changed the line
that says:

   prctl(PR_SET_DUMPABLE, 2)

to

   prctl(PR_SET_DUMPABLE, 1)

and ran it on a sarge box running 2.6.8 (not sure exactly which
version), and STILL got a root prompt back.  This sarge machine runs
the kernel it was installed with, that is, the one on the 3.1r0a CD
image (I need to upgrade it obviously).

I then tried the same modified exploit on a vulnerable 2.6.15, and it
failed (i.e., on 2.6.15 it only succeeds if you call it with
PR_SET_DUMPABLE argument = 2).

My questions: is this a different bug?  When was it fixed and what are
the relevant advisory numbers?

regards,
Izak


