[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Which kernels are vulnerable?

Hi all,

Had an argument over the weekend about which kernels are vulnerable to
the exploit that was used to take gluck down.  I maintained that only
kernels >= 2.6.13 and <= are vulnerable, but in the end I
proved myself wrong when I took the exploit code, changed the line
that says:

   prctl(PR_SET_DUMPABLE, 2)


   prctl(PR_SET_DUMPABLE, 1)

and ran it on a sarge box running 2.6.8 (not sure exactly which
version), and STILL got a root prompt back.  This sarge machine runs
the kernel it was installed with, that is the one on the 3.1r0a cd
image (I need to upgrade it obviously).

I then tried the same modified exploit on a vulnerable 2.6.15, and it
failed (ie, on 2.6.15 it only succeeds if you call it with
PR_SET_DUMPABLE argument = 2).

My questions: is this a different bug?  When was it fixed and what are
the relevant advisory numbers?


Reply to: