questioning lenny's vulnerability to CVE-2010-3301
Hi,
<http://security-tracker.debian.org/tracker/CVE-2010-3301> reports all
releases except experimental as being vulnerable. However, according
to Ben Hawkes on <http://sota.gen.nz/compat2/>, the vulnerability
CVE-2010-3301 was introduced by this commit:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.35.y.git;a=commitdiff;h=d4d67150165df8bf1cc05e532f6efca96f907cab
by removing the line:
movl \offset+72(%rsp),%eax
from the LOAD_ARGS32 macro in arch/x86/ia32/ia32entry.S.
The kernel was tagged at 2.6.26 a few days before this commit, so that
tag, and therefore the Debian package linux-2.6 version 2.6.26-25, do
not include this commit. So based on Ben Hawkes' description of the
problem, I don't believe lenny is vulnerable to it, although squeeze
certainly is, as Ben's exploit code demonstrates.
Thanks.
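A check that follows the reasoning in the mail, added here as an example and not code from the mail, from Debian or from the kernel tree: it reports whether the LOAD_ARGS32 macro in a given ia32entry.S still reloads %eax. The macro text, the function names and the file paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: does LOAD_ARGS32 in a given arch/x86/ia32/ia32entry.S still
# reload %eax? The mail ties CVE-2010-3301 to the commit that dropped that
# line (on a real tree: git merge-base --is-ancestor <commit> v2.6.26).

# Exit 0 when LOAD_ARGS32 in $1 reloads %eax, 1 when it does not, 2 when
# the file has no LOAD_ARGS32 macro at all.
load_args32_reloads_eax() {
    awk '
        /^[ \t]*\.macro[ \t]+LOAD_ARGS32/ { inmacro = 1; seen = 1; next }
        inmacro && /^[ \t]*\.endm/        { inmacro = 0 }
        inmacro && /movl[ \t]+\\offset[+]72[(]%rsp[)],[ \t]*%eax/ { found = 1 }
        END { if (!seen) exit 2; exit (found ? 0 : 1) }
    ' "$1"
}

# Human-readable verdict for one ia32entry.S file.
verdict() {
    if load_args32_reloads_eax "$1"; then
        echo "not affected: LOAD_ARGS32 reloads %eax"
    else
        case $? in
            1) echo "affected: LOAD_ARGS32 does not reload %eax" ;;
            *) echo "undetermined: no LOAD_ARGS32 macro found" ;;
        esac
    fi
}

# Constructed sample of the pre-commit macro (an illustration, not a
# verbatim copy of any kernel release).
MACRO='    .macro LOAD_ARGS32 offset
    movl \offset(%rsp),%r11d
    movl \offset+8(%rsp),%r10d
    movl \offset+16(%rsp),%r9d
    movl \offset+24(%rsp),%r8d
    movl \offset+40(%rsp),%ecx
    movl \offset+48(%rsp),%edx
    movl \offset+56(%rsp),%esi
    movl \offset+64(%rsp),%edi
    movl \offset+72(%rsp),%eax
    .endm'

# Write the macro to $2 as "pre" (with the %eax line) or "post" (without).
sample_ia32entry() {
    if [ "$1" = post ]; then printf '%s\n' "$MACRO" | grep -v '%eax' > "$2"
    else printf '%s\n' "$MACRO" > "$2"; fi
}

tmp=$(mktemp -d); sample_ia32entry pre "$tmp/pre.S"; sample_ia32entry post "$tmp/post.S"
echo "pre-commit: $(verdict "$tmp/pre.S")"; echo "post-commit: $(verdict "$tmp/post.S")"; rm -rf "$tmp"
```

Point it at a real tree with `verdict /path/to/linux/arch/x86/ia32/ia32entry.S`.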