* Christoph Siess <chs@geekhost.info> [2009-09-02 14:57-0400]: > Package: linux-image-2.6.26-2-686 > Version: 2.6.26-17lenny2 > Severity: critical > Tags: security > Justification: root security hole > > > Hi, > > according to http://www.debian.org/security/2009/dsa-1862 this Version of the 2.6.26-2 Kernel should > not be vulnerable to CVE-2009-2692. > Unfortunately I'm still able to break my system: > chs@server:~$ gcc exploit.c -o exploit > chs@server:~$ ./exploit > sh-3.2# id > uid=0(root) gid=0(root) groups=115(wheel),1000(chs) > > I got the exploit from http://www.risesecurity.org/exploits/linux-sendpage.c > > Correct my if I got something wrong, but according to my understanding this shouldn't be possible > with version 2.6.26-17lenny2. I'm afraid this doesn't work on any of the systems i am running 2.6.26-17lenny2 on: micah@tern:~$ wget http://www.risesecurity.org/exploits/linux-sendpage.c Saving to: `linux-sendpage.c' 100%[================================================================================================================>] 2009-09-03 19:01:43 (24.2 KB/s) - `linux-sendpage.c' saved [9380/9380] micah@tern:~$ gcc linux-sendpage.c -o exploit micah@tern:~$ ./exploit sh-3.2$ id uid=1001(micah) gid=1007(micah) groups=4(adm),20(dialout),33(www-data),100(users),1007(micah) micah
Attachment:
signature.asc
Description: Digital signature