
Bug#597576: marked as done (linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301)



Your message dated Tue, 21 Sep 2010 00:14:36 +0100
with message-id <1285024476.2697.85.camel@localhost>
and subject line Re: Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
has caused the Debian Bug report #597576,
regarding linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
597576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597576
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-2.6
Version: 2.6.32-23
Justification: root security hole
Severity: critical
Tags: security


The changelog says the CVE-2010-3301 was fixed in this update:
  * x86-64, compat (CVE-2010-3301):
    - Retruncate rax after ia32 syscall entry tracing
    - Test %rax for the syscall number, not %eax

But a test of the exploit shows otherwise:

nuxi@nobel:~(0)$ ./robert_you_suck
resolved symbol commit_creds to 0xffffffff8106914d
resolved symbol prepare_kernel_cred to 0xffffffff81069050
mapping at 3f80000000
UID 1000, EUID:1000 GID:100, EGID:100
$ 


-- Package-specific info:
** Version:
Linux version 2.6.32-5-amd64 (Debian 2.6.32-23) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-3) ) #1 SMP Fri Sep 17 21:50:19 UTC 2010

** Command line:
BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=/dev/md0 ro

** Not tainted

** Model information
sys_vendor: MICRO-STAR INTERNATIONAL CO.,LTD
product_name: MS-7501
product_version: 1.0
chassis_vendor: MICRO-STAR INTERNATIONAL CO.,LTD
chassis_version: 1.0
bios_vendor: American Megatrends Inc.
bios_version: V1.4
board_vendor: MICRO-STAR INTERNATIONAL CO.,LTD
board_name: MS-7501
board_version: 1.0

** USB devices:
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 002: ID 22b8:4902 Motorola PCS Triplet GSM Phone (AT)
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-2.6.32-5-amd64 depends on:
ii  debconf [debconf-2.0]         1.5.35     Debian configuration management sy
ii  initramfs-tools [linux-initra 0.98.3     tools for generating an initramfs
ii  linux-base                    2.6.32-23  Linux image base package
ii  module-init-tools             3.12-1     tools for managing Linux kernel mo

Versions of packages linux-image-2.6.32-5-amd64 recommends:
ii  firmware-linux-free           2.6.32-23  Binary firmware for various driver

Versions of packages linux-image-2.6.32-5-amd64 suggests:
pn  grub | lilo                   <none>     (no description available)
pn  linux-doc-2.6.32              <none>     (no description available)

Versions of packages linux-image-2.6.32-5-amd64 is related to:
pn  firmware-bnx2                 <none>     (no description available)
pn  firmware-bnx2x                <none>     (no description available)
pn  firmware-ipw2x00              <none>     (no description available)
pn  firmware-ivtv                 <none>     (no description available)
pn  firmware-iwlwifi              <none>     (no description available)
ii  firmware-linux                0.26       Binary firmware for various driver
ii  firmware-linux-nonfree        0.26       Binary firmware for various driver
pn  firmware-qlogic               <none>     (no description available)
pn  firmware-ralink               <none>     (no description available)
pn  xen-hypervisor                <none>     (no description available)

-- debconf information:
  shared/kernel-image/really-run-bootloader: true
  linux-image-2.6.32-5-amd64/postinst/bootloader-test-error-2.6.32-5-amd64:
  linux-image-2.6.32-5-amd64/postinst/bootloader-error-2.6.32-5-amd64:
  linux-image-2.6.32-5-amd64/prerm/would-invalidate-boot-loader-2.6.32-5-amd64: true
  linux-image-2.6.32-5-amd64/postinst/ignoring-do-bootloader-2.6.32-5-amd64:
  linux-image-2.6.32-5-amd64/postinst/depmod-error-initrd-2.6.32-5-amd64: false
  linux-image-2.6.32-5-amd64/prerm/removing-running-kernel-2.6.32-5-amd64: true
  linux-image-2.6.32-5-amd64/postinst/missing-firmware-2.6.32-5-amd64:



--- End Message ---
--- Begin Message ---
On Mon, 2010-09-20 at 18:51 -0400, Jon wrote:
> Package: linux-2.6
> Version: 2.6.32-23
> Justification: root security hole
> Severity: critical
> Tags: security
> 
> 
> The changelog says the CVE-2010-3301 was fixed in this update:
>   * x86-64, compat (CVE-2010-3301):
>     - Retruncate rax after ia32 syscall entry tracing
>     - Test %rax for the syscall number, not %eax
> 
> But a test of the exploit shows otherwise:
> 
> nuxi@nobel:~(0)$ ./robert_you_suck
> resolved symbol commit_creds to 0xffffffff8106914d
> resolved symbol prepare_kernel_cred to 0xffffffff81069050
> mapping at 3f80000000
> UID 1000, EUID:1000 GID:100, EGID:100
> $ 

Erm, no.  Read the output.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

--- End Message ---
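
The two changelog entries quoted in the report ("Retruncate rax after ia32 syscall entry tracing" and "Test %rax for the syscall number, not %eax") can be modelled in user space. The following is an added example, not code from this thread or from the kernel: the table size, the register struct, the tracer hook and the dispatch() function are all constructed for illustration, and nothing is dereferenced; the function only reports which index would be used.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NR_CALLS 4u /* constructed table size, stands in for the ia32 syscall count */

/* Constructed register file: only the syscall-number register is modelled. */
struct regs { uint64_t rax; };

/* Hypothetical tracer hook: a tracer stopped at syscall entry may rewrite
 * the whole 64-bit register, not just its low half. */
typedef void (*trace_hook)(struct regs *);

/* Constructed tracer: low half holds a valid number (2), high half is set. */
static void tracer_sets_high_bits(struct regs *r)
{
    r->rax = (1ULL << 32) | 2;
}

/*
 * Returns the table index dispatch would use, or -ENOSYS if the number is
 * rejected.
 *   retruncate: model "Retruncate rax after ia32 syscall entry tracing"
 *   test_rax:   model "Test %rax for the syscall number, not %eax"
 * With both flags 0 the check and the index disagree about the width.
 */
static int64_t dispatch(uint32_t nr, trace_hook hook, int retruncate, int test_rax)
{
    struct regs r = { .rax = nr };          /* entry: eax zero-extended into rax */

    if (hook) {
        hook(&r);                           /* tracing may change all of rax */
        if (retruncate)
            r.rax = (uint32_t)r.rax;        /* drop the upper 32 bits again */
    }

    if (test_rax) {
        if (r.rax > NR_CALLS - 1)           /* compare the full register */
            return -ENOSYS;
    } else {
        if ((uint32_t)r.rax > NR_CALLS - 1) /* compare the low half only */
            return -ENOSYS;
    }
    return (int64_t)r.rax;                  /* the index always uses all of rax */
}

/* True when the index lies inside the constructed table. */
static int in_table(int64_t idx)
{
    return idx >= 0 && (uint64_t)idx < NR_CALLS;
}

int main(void)
{
    for (int retr = 0; retr <= 1; retr++) {
        for (int full = 0; full <= 1; full++) {
            int64_t idx = dispatch(2, tracer_sets_high_bits, retr, full);
            if (idx == -ENOSYS)
                printf("retruncate=%d test_rax=%d -> rejected (-ENOSYS)\n", retr, full);
            else
                printf("retruncate=%d test_rax=%d -> index 0x%llx (%s)\n", retr, full,
                       (unsigned long long)idx,
                       in_table(idx) ? "in table" : "OUT OF TABLE");
        }
    }
    return 0;
}
```

Only the combination with neither change applied yields an index outside the table; either change alone already keeps the index in range or rejects the call.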
