
Re: Wheezy is vulnerable to CVE-2013-2094



On 14 May 2013 19:41, Gerald Turner <gturner@unzane.com> wrote:
> Gavin <netmatters@gmail.com> writes:
>> On 14 May 2013 18:36, John Andreasson <andreassonjohn@gmail.com> wrote:
>>> Was just alerted of a kernel bug in RHEL [1], but when testing the
>>> sample code on Wheezy as an unprivileged user it successfully gives
>>> me a root prompt. Kind of suboptimal. :-(
>>>
>>> Any idea when this is fixed?
>>>
>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792
>>
>> Hi John,
>>
>> I'm unable to replicate this 'issue' on my up to date Wheezy laptop.
>>
>> gavin@caelyn:~$ uname -a
>> Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
>>
>> When I run the compiled binary of this exploit as my unprivileged user
>> I get the following error:-
>>
>> gavin@caelyn:~$ ./getroot
>> 2.6.37-3.x x86_64
>> sd@f***sheep.org 2010
>> getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024,
>> &needle, 8)' failed.
>> Aborted
>>
>> What kernel are you able to replicate this bug with?
>
> At first I thought the same thing, however compile with -O2:
>
> $ gcc -O2 semtex.c && ./a.out
> 2.6.37-3.x x86_64
> sd@fucksheep.org 2010
> root@xo-laptop:/tmp# uname -a
> Linux xo-laptop 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

Ok, if I compile with the -O2 then I don't get a root shell, however
my kernel panics with:-

BUG: unable to handle kernel paging request at xxxxxxxxxxxxx.

Still not ideal.

Thanks for the heads-up!

