Which kernels are vulnerable?



Hi all,

Had an argument over the weekend about which kernels are vulnerable to
the exploit that was used to take gluck down.  I maintained that only
kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, but in the end I
proved myself wrong when I took the exploit code, changed the line
that says:

  prctl(PR_SET_DUMPABLE, 2)

to

  prctl(PR_SET_DUMPABLE, 1)

and ran it on a sarge box running 2.6.8 (not sure exactly which
version), and STILL got a root prompt back.  This sarge machine runs
the kernel it was installed with, that is the one on the 3.1r0a CD
image (I need to upgrade it obviously).

I then tried the same modified exploit on a vulnerable 2.6.15, and it
failed (i.e., on 2.6.15 it only succeeds if you call it with
PR_SET_DUMPABLE argument = 2).

My questions: is this a different bug to CVE-2006-2451?  When was it
fixed and what are the relevant advisory numbers?

I apologise if this was answered before.  I cannot reach
lists.debian.org via http right now to check the archives.

regards,
Izak


