Bug#597576: [Secure-testing-team] Bug#597576: linux-image-2.6.32-5-amd64: 2.6.32-23 still vulnerable to CVE-2010-3301
On Mon, Sep 20, 2010 at 06:51:16PM -0400, Jon wrote:
>
> Package: linux-2.6
> Version: 2.6.32-23
> Justification: root security hole
> Severity: critical
> Tags: security
>
>
> The changelog says the CVE-2010-3301 was fixed in this update:
> * x86-64, compat (CVE-2010-3301):
> - Retruncate rax after ia32 syscall entry tracing
> - Test %rax for the syscall number, not %eax
>
> But a test of the exploit shows otherwise:
>
> nuxi@nobel:~(0)$ ./robert_you_suck
> resolved symbol commit_creds to 0xffffffff8106914d
> resolved symbol prepare_kernel_cred to 0xffffffff81069050
> mapping at 3f80000000
> UID 1000, EUID:1000 GID:100, EGID:100
> $
How so? UID 1000 isn't root...
Reply to: