Re: Re: Kernel update status
On Fri, 17 Sep 2010 18:01:12 -0400 Michael Gilbert wrote:
> The fixes are already committed to the kernel svn and pending for
> 2.6.32-23. I however don't know when that will be uploaded. You could
> get the kernel sources from their git tree and compile it on your own.
> There is also a workaround for CVE-2010-3081 [0]. Note that you have
> to run that after every boot.
I compiled the 2.6.32-23 kernel packages myself from `apt-get source
linux-2.6` since I didn't want to wait for them to be available via apt,
but my test system is still vulnerable to this exploit:
http://www.bugsearch.net/en/10464/x8664-linux-kernel-ia32syscall-emulation-privilege-escalation-cve-2010-3301.html?ref=3
(ABftw.c didn't work for me on 2.6.32-5 or 2.6.32-23)
Unless I'm mistaken, all the appropriate patches mentioned earlier in
this thread have been applied to 2.6.32-23:
* c41d68a513c71e35a14f66d71782d27a79a81ea6 =
compat-make-compat_alloc_user_space-incorporate-the-access_ok.patch
* c41d68a513c71e35a14f66d71782d27a79a81ea6 =
compat-test-rax-for-the-syscall-number-not-eax.patch
* eefdca043e8391dcd719711716492063030b55ac =
compat-retruncate-rax-after-ia32-syscall-entry-tracing.patch
Has anyone with access to Mr. Gilbert's compiled kernel had a chance to
test it? Did I bork `cd linux-2.6-2.6.32 && fakeroot debian/rules
binary` somehow or are we missing a patch?
(I did an md5sum on
/usr/src/linux-2.6-2.6.32/debian/build/build_amd64_none_amd64/arch/x86/boot/bzImage
and /boot/vmlinuz-2.6.32-bpo.5-amd64 and they match, so I'm pretty sure
I've got the right package installed correctly too).
Note that my non-backports systems running 2.6.26-25lenny1 aren't
vulnerable to that exploit. Unfortunately I patched them all before
trying it on the previous kernel, but I would assume whatever I was
running before that was vulnerable.
--
Adam Carheden