Re: Kernel update status

To: Sylvain Beucler <beuc@debian.org>
Cc: Norbert Tretkowski <norbert@tretkowski.de>, debian-backports@lists.debian.org
Subject: Re: Kernel update status
From: Athanasius <backports@miggy.org>
Date: Fri, 17 Sep 2010 22:42:30 +0100
Message-id: <[🔎] 20100917214230.GE5891@fysh.org>
Mail-followup-to: Sylvain Beucler <beuc@debian.org>, Norbert Tretkowski <norbert@tretkowski.de>, debian-backports@lists.debian.org
In-reply-to: <[🔎] 20100917213109.GA13815@perso.beuc.net>
References: <[🔎] 20100917203715.GA3319@perso.beuc.net> <[🔎] 1284757719.2136.6.camel@marathon.intern.tretkowski.de> <[🔎] 20100917213109.GA13815@perso.beuc.net>

On Fri, Sep 17, 2010 at 11:31:09PM +0200, Sylvain Beucler wrote:
> On Fri, Sep 17, 2010 at 11:08:39PM +0200, Norbert Tretkowski wrote:
> > Am Freitag, den 17.09.2010, 22:37 +0200 schrieb Sylvain Beucler:
> > > The 2.6.32 kernel in bpo is affected by CVE-2010-3301:
> > > http://sota.gen.nz/compat2/
> > > (with escalation to root privs)
> > > 
> > > I suppose that people are working on fixing this, for squeeze and then
> > > for bpo - is there a status / ETA?
> > 
> > The package for lenny-backports gets updated as soon as there is an
> > update for unstable available.
> 
> Thanks.  I'm interested in an estimation of the time this will take,
> which will help me decide whether I should just work-around the
> problem (shutdown / disable 32-bit...) until the update, or if I
> should patch it myself, or look for some unofficial update.

  Note that in my own testing of the 'robert_you_suck.c' exploit I found
that disabling 32bit binaries IS NOT A VALID WORKAROUND.  The binfmt
magic did indeed stop 32bit binaries from running (just echo'ing their
name instead), but I could still run the robert_you_suck exploit and
get UID 0.
  I didn't check the ABftw.c exploit in this manner.

  I can, however, confirm that the following 3 cherry picked git commits
seem to prevent both exploits from working:

c41d68a513c71e35a14f66d71782d27a79a81ea6
36d001c70d8a0144ac1d038f6876c484849a74de
eefdca043e8391dcd719711716492063030b55ac

apply in that order.  If I was more familiar with git I could give you
git cherry-pick commands to pull them in, but I'm not, so ....
  Oh, one caveat.  If you grab a diff patch of those commits the first
will fail against 2.6.35.4 due to the arch/tile/ bits not being present.
I assume the whole arch (or at least the affected file) was added in
2.6.36.git and ignored that hunk failure.

-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Kernel update status
  - From: Sylvain Beucler <beuc@debian.org>

References:
- Kernel update status
  - From: Sylvain Beucler <beuc@debian.org>
- Re: Kernel update status
  - From: Norbert Tretkowski <norbert@tretkowski.de>
- Re: Kernel update status
  - From: Sylvain Beucler <beuc@debian.org>

Prev by Date: Re: Kernel update status
Next by Date: Re: Kernel update status
Previous by thread: Re: Kernel update status
Next by thread: Re: Kernel update status
Index(es):
- Date
- Thread