Your message dated Tue, 21 Sep 2010 00:14:36 +0100 with message-id <1285024476.2697.85.camel@localhost> and subject line Re: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301 has caused the Debian Bug report #597576, regarding linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 597576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597576 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
- From: Jon <nuxi@vault24.org>
- Date: Mon, 20 Sep 2010 18:51:16 -0400
- Message-id: <[🔎] 20100920225116.2658.67099.reportbug@nobel.vault24.org>
Package: linux-2.6 Version: 2.6.32-23 Justification: root security hole Severity: critical Tags: security The changelog says the CVE-2010-3301 was fixed in this update: * x86-64, compat (CVE-2010-3301): - Retruncate rax after ia32 syscall entry tracing - Test %rax for the syscall number, not %eax But a test of the exploit shows otherwise: nuxi@nobel:~(0)$ ./robert_you_suck resolved symbol commit_creds to 0xffffffff8106914d resolved symbol prepare_kernel_cred to 0xffffffff81069050 mapping at 3f80000000 UID 1000, EUID:1000 GID:100, EGID:100 $ -- Package-specific info: ** Version: Linux version 2.6.32-5-amd64 (Debian 2.6.32-23) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-3) ) #1 SMP Fri Sep 17 21:50:19 UTC 2010 ** Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=/dev/md0 ro ** Not tainted ** Kernel log: [ 5.279654] cdc_acm 6-1:1.0: ttyACM0: USB ACM device [ 5.294320] usbcore: registered new interface driver cdc_acm [ 5.294363] cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters [ 5.370027] [drm] Initialized drm 1.1.0 20060810 [ 5.490867] [drm] radeon kernel modesetting enabled. [ 5.491029] radeon 0000:01:05.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18 [ 5.491077] radeon 0000:01:05.0: setting latency timer to 64 [ 5.493310] [drm] radeon: Initializing kernel modesetting. [ 5.493507] [drm] register mmio base: 0xFEAF0000 [ 5.493546] [drm] register mmio size: 65536 [ 5.497856] ATOM BIOS: B27722 [ 5.497911] [drm] Clocks initialized ! [ 5.498112] [drm] Detected VRAM RAM=256M, BAR=256M [ 5.498153] [drm] RAM width 32bits DDR [ 5.498258] [TTM] Zone kernel: Available graphics memory: 1901200 kiB. [ 5.498308] [drm] radeon: 256M of VRAM memory ready [ 5.498343] [drm] radeon: 512M of GTT memory ready. [ 5.498408] [drm] radeon: irq initialized. [ 5.498445] [drm] GART: num cpu pages 131072, num gpu pages 131072 [ 5.499243] [drm] Loading RS780 Microcode [ 5.499287] platform radeon_cp.0: firmware: requesting radeon/RS780_pfp.bin [ 5.499916] EDAC amd64_edac: Ver: 3.2.0 Sep 17 2010 [ 5.500988] EDAC amd64: This node reports that Memory ECC is currently disabled, set F3x44[22] (0000:00:18.3). [ 5.501038] EDAC amd64: ECC disabled in the BIOS or no ECC capability, module will not load. [ 5.501040] Either enable ECC checking or force module loading by setting 'ecc_enable_override'. [ 5.501041] (Note that use of the override may cause unknown side effects.) [ 5.501167] amd64_edac: probe of 0000:00:18.2 failed with error -22 [ 5.563779] platform radeon_cp.0: firmware: requesting radeon/RS780_me.bin [ 5.603520] platform radeon_cp.0: firmware: requesting radeon/R600_rlc.bin [ 5.622877] HDA Intel 0000:00:14.2: PCI INT A -> GSI 16 (level, low) -> IRQ 16 [ 5.668153] [drm] ring test succeeded in 1 usecs [ 5.668276] [drm] radeon: ib pool ready. [ 5.668372] [drm] ib test succeeded in 0 usecs [ 5.668421] [drm] Enabling audio support [ 5.668582] [drm] Radeon Display Connectors [ 5.668653] [drm] Connector 0: [ 5.668690] [drm] VGA [ 5.668726] [drm] DDC: 0x7e40 0x7e40 0x7e44 0x7e44 0x7e48 0x7e48 0x7e4c 0x7e4c [ 5.668767] [drm] Encoders: [ 5.668803] [drm] CRT1: INTERNAL_KLDSCP_DAC1 [ 5.668838] [drm] Connector 1: [ 5.668872] [drm] DVI-D [ 5.668906] [drm] HPD3 [ 5.668941] [drm] DDC: 0x7e50 0x7e50 0x7e54 0x7e54 0x7e58 0x7e58 0x7e5c 0x7e5c [ 5.668980] [drm] Encoders: [ 5.669015] [drm] DFP1: INTERNAL_KLDSCP_LVTMA [ 5.717477] [drm] fb mappable at 0xD0141000 [ 5.717516] [drm] vram apper at 0xD0000000 [ 5.717550] [drm] size 3145728 [ 5.717585] [drm] fb depth is 24 [ 5.717619] [drm] pitch is 4096 [ 5.733776] Console: switching to colour frame buffer device 128x48 [ 5.743640] fb0: radeondrmfb frame buffer device [ 5.743729] registered panic notifier [ 5.743803] [drm] Initialized radeon 2.0.0 20080528 for 0000:01:05.0 on minor 0 [ 5.750796] hda_codec: ALC888: BIOS auto-probing. [ 5.752442] input: HDA Digital PCBeep as /devices/pci0000:00/0000:00:14.2/input/input5 [ 6.131201] input: ImPS/2 Generic Wheel Mouse as /devices/platform/i8042/serio1/input/input6 [ 6.745690] loop: AES key scrubbing enabled [ 6.749698] loop: loaded (max 8 devices) [ 6.761982] f71882fg: Found f71882fg chip at 0x600, revision 32 [ 6.762561] f71882fg f71882fg.1536: Fan: 1 is in duty-cycle mode [ 6.765048] f71882fg f71882fg.1536: Fan: 2 is in duty-cycle mode [ 6.767477] f71882fg f71882fg.1536: Fan: 3 is in duty-cycle mode [ 6.769950] f71882fg f71882fg.1536: Fan: 4 is in duty-cycle mode [ 7.163278] Adding 4883748k swap on /dev/loop2. Priority:-1 extents:1 across:4883748k [ 7.324545] XFS mounting filesystem md1 [ 7.446032] Ending clean XFS mount for filesystem: md1 [ 7.559360] RPC: Registered udp transport module. [ 7.563548] RPC: Registered tcp transport module. [ 7.567733] RPC: Registered tcp NFSv4.1 backchannel transport module. [ 7.743492] Installing knfsd (copyright (C) 1996 okir@monad.swb.de). [ 9.507635] r8169: eth0: link up [ 9.511642] r8169: eth0: link up [ 10.456361] fuse init (API version 7.13) [ 11.064271] svc: failed to register lockdv1 RPC service (errno 97). [ 11.069200] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory [ 11.073173] NFSD: starting 90-second grace period [ 14.237813] vboxdrv: Trying to deactivate the NMI watchdog permanently... [ 14.237816] vboxdrv: Warning: 2.6.31+ kernel detected. Most likely the hardware performance [ 14.237818] vboxdrv: counter framework which can generate NMIs is active. You have to prevent [ 14.237819] vboxdrv: the usage of hardware performance counters by [ 14.237820] vboxdrv: echo 2 > /proc/sys/kernel/perf_counter_paranoid [ 14.237823] vboxdrv: Found 2 processor cores. [ 14.237886] VBoxDrv: dbg - g_abExecMemory=ffffffffa04af6c0 [ 14.237901] vboxdrv: fAsync=1 offMin=0x38f9 offMax=0x38f9 [ 14.238191] vboxdrv: TSC mode is 'asynchronous', kernel timer mode is 'normal'. [ 14.238193] vboxdrv: Successfully loaded version 3.2.8 (interface 0x00140001). [ 19.784018] eth0: no IPv6 routers present [ 250.280495] Slow work thread pool: Starting up [ 250.280548] Slow work thread pool: Ready [ 250.280610] FS-Cache: Loaded [ 250.301057] FS-Cache: Netfs 'nfs' registered for caching [ 257.973689] XFS mounting filesystem loop3 [ 258.118805] Ending clean XFS mount for filesystem: loop3 [ 262.272196] nfsd: last server has exited, flushing export cache [ 263.319647] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory [ 263.324355] NFSD: starting 90-second grace period [ 6028.283539] warning: `VirtualBox' uses 32-bit capabilities (legacy support in use) [ 6034.030553] device eth0 entered promiscuous mode ** Model information sys_vendor: MICRO-STAR INTERNATIONAL CO.,LTD product_name: MS-7501 product_version: 1.0 chassis_vendor: MICRO-STAR INTERNATIONAL CO.,LTD chassis_version: 1.0 bios_vendor: American Megatrends Inc. bios_version: V1.4 board_vendor: MICRO-STAR INTERNATIONAL CO.,LTD board_name: MS-7501 board_version: 1.0 ** Loaded modules: Module Size Used by nfs 240218 2 fscache 29594 1 nfs vboxnetadp 4193 0 vboxnetflt 12525 1 vboxdrv 1723527 3 vboxnetadp,vboxnetflt autofs4 20693 1 binfmt_misc 6399 1 fuse 49998 1 nfsd 253286 11 lockd 57475 2 nfs,nfsd nfs_acl 2031 2 nfs,nfsd auth_rpcgss 33396 2 nfs,nfsd sunrpc 160837 22 nfs,nfsd,lockd,nfs_acl,auth_rpcgss f71882fg 25618 0 loop 50001 4 snd_hda_codec_realtek 235570 1 snd_hda_intel 19955 11 snd_hda_codec 54244 2 snd_hda_codec_realtek,snd_hda_intel snd_hwdep 5380 1 snd_hda_codec snd_pcm 60503 5 snd_hda_intel,snd_hda_codec radeon 572625 3 snd_seq 42737 0 ttm 39746 1 radeon snd_timer 15582 5 snd_pcm,snd_seq snd_seq_device 4493 1 snd_seq drm_kms_helper 20033 1 radeon snd 46414 24 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_seq,snd_timer,snd_seq_device drm 142151 5 radeon,ttm,drm_kms_helper cdc_acm 13686 0 k8temp 3155 0 i2c_piix4 8328 0 psmouse 49729 0 edac_core 29261 0 edac_mce_amd 6401 0 soundcore 4598 1 snd snd_page_alloc 6169 2 snd_hda_intel,snd_pcm i2c_algo_bit 4225 1 radeon i2c_core 15680 5 radeon,drm_kms_helper,drm,i2c_piix4,i2c_algo_bit evdev 7352 0 shpchp 26264 0 pci_hotplug 21203 1 shpchp pcspkr 1699 0 button 4650 0 serio_raw 3752 0 processor 30239 0 xfs 435581 3 exportfs 3138 2 nfsd,xfs raid1 18367 3 md_mod 73728 4 raid1 sg 18712 0 sd_mod 29713 5 crc_t10dif 1276 1 sd_mod sr_mod 12602 0 cdrom 29415 1 sr_mod ata_generic 2983 0 ohci_hcd 19116 0 ahci 32310 4 r8169 28765 0 pata_atiixp 3457 0 mii 3210 1 r8169 thermal 11674 0 thermal_sys 11942 2 processor,thermal libata 133328 3 ata_generic,ahci,pata_atiixp ehci_hcd 30895 0 scsi_mod 121861 4 sg,sd_mod,sr_mod,libata usbcore 121698 4 cdc_acm,ohci_hcd,ehci_hcd nls_base 6377 1 usbcore ** PCI devices: 00:00.0 Host bridge [0600]: Advanced Micro Devices [AMD] RS780 Host Bridge [1022:9600] Subsystem: Advanced Micro Devices [AMD] RS780 Host Bridge [1022:9600] Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ >SERR- <PERR- INTx- Latency: 0 Capabilities: <access denied> 00:01.0 PCI bridge [0604]: Advanced Micro Devices [AMD] RS780 PCI to PCI bridge (int gfx) [1022:9602] (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64 Bus: primary=00, secondary=01, subordinate=01, sec-latency=64 I/O behind bridge: 0000d000-0000dfff Memory behind bridge: fe900000-feafffff Prefetchable memory behind bridge: 00000000d0000000-00000000dfffffff Secondary status: 66MHz+ FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- <SERR- <PERR- BridgeCtl: Parity- SERR+ NoISA- VGA+ MAbort- >Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: <access denied> 00:05.0 PCI bridge [0604]: Advanced Micro Devices [AMD] RS780 PCI to PCI bridge (PCIE port 1) [1022:9605] (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0, Cache Line Size: 64 bytes Bus: primary=00, secondary=02, subordinate=02, sec-latency=0 I/O behind bridge: 0000e000-0000efff Memory behind bridge: feb00000-febfffff Prefetchable memory behind bridge: 00000000fdf00000-00000000fdffffff Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR- BridgeCtl: Parity+ SERR+ NoISA+ VGA- MAbort- >Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: <access denied> Kernel driver in use: pcieport 00:11.0 SATA controller [0106]: ATI Technologies Inc SB700/SB800 SATA Controller [AHCI mode] [1002:4391] (prog-if 01 [AHCI 1.0]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 22 Region 0: I/O ports at c000 [size=8] Region 1: I/O ports at b000 [size=4] Region 2: I/O ports at a000 [size=8] Region 3: I/O ports at 9000 [size=4] Region 4: I/O ports at 8000 [size=16] Region 5: Memory at fe8ff800 (32-bit, non-prefetchable) [size=1K] Capabilities: <access denied> Kernel driver in use: ahci 00:12.0 USB Controller [0c03]: ATI Technologies Inc SB700/SB800 USB OHCI0 Controller [1002:4397] (prog-if 10 [OHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 16 Region 0: Memory at fe8fe000 (32-bit, non-prefetchable) [size=4K] Kernel driver in use: ohci_hcd 00:12.1 USB Controller [0c03]: ATI Technologies Inc SB700 USB OHCI1 Controller [1002:4398] (prog-if 10 [OHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 16 Region 0: Memory at fe8fd000 (32-bit, non-prefetchable) [size=4K] Kernel driver in use: ohci_hcd 00:12.2 USB Controller [0c03]: ATI Technologies Inc SB700/SB800 USB EHCI Controller [1002:4396] (prog-if 20 [EHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin B routed to IRQ 17 Region 0: Memory at fe8ff000 (32-bit, non-prefetchable) [size=256] Capabilities: <access denied> Kernel driver in use: ehci_hcd 00:13.0 USB Controller [0c03]: ATI Technologies Inc SB700/SB800 USB OHCI0 Controller [1002:4397] (prog-if 10 [OHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 18 Region 0: Memory at fe8fc000 (32-bit, non-prefetchable) [size=4K] Kernel driver in use: ohci_hcd 00:13.1 USB Controller [0c03]: ATI Technologies Inc SB700 USB OHCI1 Controller [1002:4398] (prog-if 10 [OHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 18 Region 0: Memory at fe8f7000 (32-bit, non-prefetchable) [size=4K] Kernel driver in use: ohci_hcd 00:13.2 USB Controller [0c03]: ATI Technologies Inc SB700/SB800 USB EHCI Controller [1002:4396] (prog-if 20 [EHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin B routed to IRQ 19 Region 0: Memory at fe8f6800 (32-bit, non-prefetchable) [size=256] Capabilities: <access denied> Kernel driver in use: ehci_hcd 00:14.0 SMBus [0c05]: ATI Technologies Inc SBx00 SMBus Controller [1002:4385] (rev 3a) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Capabilities: <access denied> Kernel driver in use: piix4_smbus 00:14.1 IDE interface [0101]: ATI Technologies Inc SB700/SB800 IDE Controller [1002:439c] (prog-if 8a [Master SecP PriP]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64 Interrupt: pin A routed to IRQ 16 Region 0: I/O ports at 01f0 [size=8] Region 1: I/O ports at 03f4 [size=1] Region 2: I/O ports at 0170 [size=8] Region 3: I/O ports at 0374 [size=1] Region 4: I/O ports at ff00 [size=16] Capabilities: <access denied> Kernel driver in use: pata_atiixp 00:14.2 Audio device [0403]: ATI Technologies Inc SBx00 Azalia (Intel HDA) [1002:4383] Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=slow >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin ? routed to IRQ 16 Region 0: Memory at fe8f0000 (64-bit, non-prefetchable) [size=16K] Capabilities: <access denied> Kernel driver in use: HDA Intel 00:14.3 ISA bridge [0601]: ATI Technologies Inc SB700/SB800 LPC host controller [1002:439d] Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle+ MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 00:14.4 PCI bridge [0604]: ATI Technologies Inc SBx00 PCI to PCI Bridge [1002:4384] (prog-if 01 [Subtractive decode]) Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64 Bus: primary=00, secondary=03, subordinate=03, sec-latency=64 Secondary status: 66MHz- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ <SERR- <PERR- BridgeCtl: Parity+ SERR+ NoISA+ VGA- MAbort- >Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- 00:14.5 USB Controller [0c03]: ATI Technologies Inc SB700/SB800 USB OHCI2 Controller [1002:4399] (prog-if 10 [OHCI]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Interrupt: pin C routed to IRQ 18 Region 0: Memory at fe8f5000 (32-bit, non-prefetchable) [size=4K] Kernel driver in use: ohci_hcd 00:18.0 Host bridge [0600]: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration [1022:1100] Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Capabilities: <access denied> 00:18.1 Host bridge [0600]: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map [1022:1101] Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- 00:18.2 Host bridge [0600]: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller [1022:1102] Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- 00:18.3 Host bridge [0600]: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control [1022:1103] Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Capabilities: <access denied> Kernel driver in use: k8temp 01:05.0 VGA compatible controller [0300]: ATI Technologies Inc Radeon 3100 Graphics [1002:9611] (prog-if 00 [VGA controller]) Subsystem: Micro-Star International Co., Ltd. Device [1462:7501] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 18 Region 0: Memory at d0000000 (32-bit, prefetchable) [size=256M] Region 1: I/O ports at d000 [size=256] Region 2: Memory at feaf0000 (32-bit, non-prefetchable) [size=64K] Region 5: Memory at fe900000 (32-bit, non-prefetchable) [size=1M] Expansion ROM at <unassigned> [disabled] Capabilities: <access denied> Kernel driver in use: radeon 02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 02) Subsystem: Micro-Star International Co., Ltd. Device [1462:501c] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 25 Region 0: I/O ports at e800 [size=256] Region 2: Memory at fdfff000 (64-bit, prefetchable) [size=4K] Region 4: Memory at fdfe0000 (64-bit, prefetchable) [size=64K] Expansion ROM at febf0000 [disabled] [size=64K] Capabilities: <access denied> Kernel driver in use: r8169 ** USB devices: Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 006 Device 002: ID 22b8:4902 Motorola PCS Triplet GSM Phone (AT) Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages linux-image-2.6.32-5-amd64 depends on: ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy ii initramfs-tools [linux-initra 0.98.3 tools for generating an initramfs ii linux-base 2.6.32-23 Linux image base package ii module-init-tools 3.12-1 tools for managing Linux kernel mo Versions of packages linux-image-2.6.32-5-amd64 recommends: ii firmware-linux-free 2.6.32-23 Binary firmware for various driver Versions of packages linux-image-2.6.32-5-amd64 suggests: pn grub | lilo <none> (no description available) pn linux-doc-2.6.32 <none> (no description available) Versions of packages linux-image-2.6.32-5-amd64 is related to: pn firmware-bnx2 <none> (no description available) pn firmware-bnx2x <none> (no description available) pn firmware-ipw2x00 <none> (no description available) pn firmware-ivtv <none> (no description available) pn firmware-iwlwifi <none> (no description available) ii firmware-linux 0.26 Binary firmware for various driver ii firmware-linux-nonfree 0.26 Binary firmware for various driver pn firmware-qlogic <none> (no description available) pn firmware-ralink <none> (no description available) pn xen-hypervisor <none> (no description available) -- debconf information: shared/kernel-image/really-run-bootloader: true linux-image-2.6.32-5-amd64/postinst/bootloader-test-error-2.6.32-5-amd64: linux-image-2.6.32-5-amd64/postinst/bootloader-error-2.6.32-5-amd64: linux-image-2.6.32-5-amd64/prerm/would-invalidate-boot-loader-2.6.32-5-amd64: true linux-image-2.6.32-5-amd64/postinst/ignoring-do-bootloader-2.6.32-5-amd64: linux-image-2.6.32-5-amd64/postinst/depmod-error-initrd-2.6.32-5-amd64: false linux-image-2.6.32-5-amd64/prerm/removing-running-kernel-2.6.32-5-amd64: true linux-image-2.6.32-5-amd64/postinst/missing-firmware-2.6.32-5-amd64:
--- End Message ---
--- Begin Message ---
- To: 597576-done@bugs.debian.org
- Subject: Re: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
- From: Ben Hutchings <ben@decadent.org.uk>
- Date: Tue, 21 Sep 2010 00:14:36 +0100
- Message-id: <1285024476.2697.85.camel@localhost>
- In-reply-to: <[🔎] 20100920225116.2658.67099.reportbug@nobel.vault24.org>
- References: <[🔎] 20100920225116.2658.67099.reportbug@nobel.vault24.org>
On Mon, 2010-09-20 at 18:51 -0400, Jon wrote: > Package: linux-2.6 > Version: 2.6.32-23 > Justification: root security hole > Severity: critical > Tags: security > > > The changelog says the CVE-2010-3301 was fixed in this update: > * x86-64, compat (CVE-2010-3301): > - Retruncate rax after ia32 syscall entry tracing > - Test %rax for the syscall number, not %eax > > But a test of the exploit shows otherwise: > > nuxi@nobel:~(0)$ ./robert_you_suck > resolved symbol commit_creds to 0xffffffff8106914d > resolved symbol prepare_kernel_cred to 0xffffffff81069050 > mapping at 3f80000000 > UID 1000, EUID:1000 GID:100, EGID:100 > $ Erm, no. Read the output. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse.Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---