Bug#544756: linux-image-2.6.26-2-686: Kernel still vulnerable by dsa-1862
On Wed, Sep 02, 2009 at 08:45:20PM +0200, Christoph Siess wrote:
> Package: linux-image-2.6.26-2-686
> Version: 2.6.26-17lenny2
> Severity: critical
> Tags: security
> Justification: root security hole
> According to http://www.debian.org/security/2009/dsa-1862 this version of the 2.6.26-2 kernel should
> not be vulnerable to CVE-2009-2692.
> Unfortunately I'm still able to break my system:
> chs@server:~$ gcc exploit.c -o exploit
> chs@server:~$ ./exploit
> sh-3.2# id
> uid=0(root) gid=0(root) groups=115(wheel),1000(chs)
> I got the exploit from http://www.risesecurity.org/exploits/linux-sendpage.c
> Correct me if I got something wrong, but according to my understanding this shouldn't be possible
> with version 2.6.26-17lenny2.
Not reproducible, neither with the Rise Security exploit, nor with Brad's
exploit. Please send the output of "uname -a" before running the exploit.
This sounds as if you didn't reboot.