Re: Wheezy is vulnerable to CVE-2013-2094

To: John Andreasson <andreassonjohn@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Wheezy is vulnerable to CVE-2013-2094
From: Gavin <netmatters@gmail.com>
Date: Tue, 14 May 2013 19:29:10 +0200
Message-id: <[🔎] CAN=HbLKvPKCop39STjdivBFGCaymjzmmH1FvfU=qNMitrNYJ=w@mail.gmail.com>
In-reply-to: <[🔎] CAHRhq0oKnfOieZCC1BwrX1o3YEzR-D0aGCZ4mq0WQPiUzJw2XA@mail.gmail.com>
References: <[🔎] CAHRhq0oKnfOieZCC1BwrX1o3YEzR-D0aGCZ4mq0WQPiUzJw2XA@mail.gmail.com>

On 14 May 2013 18:36, John Andreasson <andreassonjohn@gmail.com> wrote:
>
> Hi.
>
> Was just alerted of a kernel bug in RHEL [1], but when testing the sample code on Wheezy as an unprivileged user it successfully gives me a root prompt. Kind of suboptimal. :-(
>
> Any idea when this is fixed?
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792

Hi John,

I'm unable to replicate this 'issue' on my up to date Wheezy laptop.

gavin@caelyn:~$ uname -a
Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

When I run the compiled binary of this exploit as my unprivileged user
I get the following error:-

gavin@caelyn:~$ ./getroot
2.6.37-3.x x86_64
sd@f***sheep.org 2010
getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024,
&needle, 8)' failed.
Aborted

What kernel are you able to replicate this bug with ?

Reply to:

Follow-Ups:
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: John Andreasson <andreassonjohn@gmail.com>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: Gerald Turner <gturner@unzane.com>

References:
- Wheezy is vulnerable to CVE-2013-2094
  - From: John Andreasson <andreassonjohn@gmail.com>

Prev by Date: Wheezy is vulnerable to CVE-2013-2094
Next by Date: Re: Wheezy is vulnerable to CVE-2013-2094
Previous by thread: Wheezy is vulnerable to CVE-2013-2094
Next by thread: Re: Wheezy is vulnerable to CVE-2013-2094
Index(es):
- Date
- Thread