Re: Wheezy is vulnerable to CVE-2013-2094

To: Kees de Jong <keesdejong@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Wheezy is vulnerable to CVE-2013-2094
From: Gavin <netmatters@gmail.com>
Date: Wed, 15 May 2013 13:32:47 +0200
Message-id: <[🔎] CAN=HbL+YvwKs99_AW3amHtX-_rKoYwz=yLEo4S4xBjVqV_bdvA@mail.gmail.com>
In-reply-to: <[🔎] CAAH150Yd+zDT2exEfOvQebfg_tzX3Tad-2EqjvnWeW=_9zTPuw@mail.gmail.com>
References: <[🔎] CAHRhq0oKnfOieZCC1BwrX1o3YEzR-D0aGCZ4mq0WQPiUzJw2XA@mail.gmail.com> <[🔎] CAN=HbLKvPKCop39STjdivBFGCaymjzmmH1FvfU=qNMitrNYJ=w@mail.gmail.com> <[🔎] 87y5bhjw74.fsf@zoth-ommog.unzane.com> <[🔎] CAN=HbLJp+NgqX4D6MjeEppoEh_f7zW8EfqVpmU1SC+icHG953Q@mail.gmail.com> <[🔎] 519307DE.9050300@mail.ru> <[🔎] CAAH150Yd+zDT2exEfOvQebfg_tzX3Tad-2EqjvnWeW=_9zTPuw@mail.gmail.com>

On 15 May 2013 12:50, Kees de Jong <keesdejong@gmail.com> wrote:
> Gavin, did you use the right exploit? The output looks like it's designed
> for a 2.6.37 kernel. I don't have a computer near me to check the exploit
> myself. Could you please verify you used the right exploit? Thanks!

Hi Kees,

I grabbed the source from here:-
http://packetstormsecurity.com/files/121616/semtex.c

Compiled it like so:-

gavin@caelyn:~$ gcc -O2 semtex.c && ./a.out

As soon as I hit enter my kernel panics:-

" BUG: unable to handle kernel paging request at xxxxxxxxxxxxx. "

gavin@caelyn:~$ uname -a
Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

gavin@caelyn:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.7/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian
4.7.2-5' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs
--enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.7 --enable-shared --enable-linker-build-id
--with-system-zlib --libexecdir=/usr/lib --without-included-gettext
--enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--enable-gnu-unique-object --enable-plugin --enable-objc-gc
--with-arch-32=i586 --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.7.2 (Debian 4.7.2-5)

Platform: Dell XPS Laptop (Intel Core i7-3612QM) with 16GB RAM.

Thanks,
Gavin

Reply to:

References:
- Wheezy is vulnerable to CVE-2013-2094
  - From: John Andreasson <andreassonjohn@gmail.com>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: Gavin <netmatters@gmail.com>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: Gerald Turner <gturner@unzane.com>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: Gavin <netmatters@gmail.com>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: nnex <nnex@mail.ru>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: Kees de Jong <keesdejong@gmail.com>

Prev by Date: Re: Wheezy is vulnerable to CVE-2013-2094
Next by Date: Re: Wheezy is vulnerable to CVE-2013-2094
Previous by thread: Re: Wheezy is vulnerable to CVE-2013-2094
Next by thread: Re: Wheezy is vulnerable to CVE-2013-2094
Index(es):
- Date
- Thread