Bug#465246: user->root exploit in vmsplice()

To: submit@bugs.debian.org
Subject: Bug#465246: user->root exploit in vmsplice()
From: "Martin Guy" <martinwguy@yahoo.it>
Date: Mon, 11 Feb 2008 11:57:54 +0000
Message-id: <[🔎] 56d259a00802110357g5ec300a0y16a4de6e8b84034b@mail.gmail.com>
Reply-to: "Martin Guy" <martinwguy@yahoo.it>, 465246@bugs.debian.org

Package: linux-image-2.6.18-6-686
Version: 2.6.18.dfsg.1-17etch1
Severity: important

There is a bug in vmsplice from 2.6.17 to 2.6.24.1 that can be
exploited by any user process to gain root privileges.

info is here

http://isc.sans.org/newssummary.html

which links to the source code for the exploit here:

http://www.milw0rm.com/exploits/5092

...which has been tested, and works like a charm.

Also here:

http://www.isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt

...which describes the exploit in more detail.

Reply to:

Follow-Ups:
- Bug#465246: marked as done (user->root exploit in vmsplice())
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#465234: CONFIG_SYSFS_DEPRECATED must be disabled
Next by Date: Processed (with 1 errors): reassign 465246 to linux-2.6, forcibly merging 464945 465245
Previous by thread: Bug#465234: CONFIG_SYSFS_DEPRECATED must be disabled
Next by thread: Bug#465246: marked as done (user->root exploit in vmsplice())
Index(es):
- Date
- Thread