Re: Wheezy is vulnerable to CVE-2013-2094

[nnex <nnex@mail.ru>]

Hi all.
I'm confirm exploit is working on Debian wheezy with kernel 
3.2.0-4-rt-amd64 with gcc -O2 options

On 05/15/2013 12:20 AM, Gavin wrote:
> On 14 May 2013 19:41, Gerald Turner<gturner@unzane.com>  wrote:
> > Gavin<netmatters@gmail.com>  writes:
> > > On 14 May 2013 18:36, John Andreasson<andreassonjohn@gmail.com>  wrote:
> > > > Was just alerted of a kernel bug in RHEL [1], but when testing the
> > > > sample code on Wheezy as an unprivileged user it successfully gives
> > > > me a root prompt. Kind of suboptimal. :-(
> > > >
> > > > Any idea when this is fixed?
> > > >
> > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792
> > > Hi John,
> > >
> > > I'm unable to replicate this 'issue' on my up to date Wheezy laptop.
> > >
> > > gavin@caelyn:~$ uname -a
> > > Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
> > >
> > > When I run the compiled binary of this exploit as my unprivileged user
> > > I get the following error:-
> > >
> > > gavin@caelyn:~$ ./getroot
> > > 2.6.37-3.x x86_64
> > > sd@f***sheep.org 2010
> > > getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024,
> > > &needle, 8)' failed.
> > > Aborted
> > >
> > > What kernel are you able to replicate this bug with ?
> > At first I thought the same thing, however compile with -O2:
> >
> > $ gcc -O2 semtex.c&&  ./a.out
> > 2.6.37-3.x x86_64
> > sd@fucksheep.org 2010
> > root@xo-laptop:/tmp# uname -a
> > Linux xo-laptop 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
> Ok, if I compile with the -O2 then I don't get a root shell, however
> my kernel panics with:-
>
> BUG: unable to handle kernel paging request at xxxxxxxxxxxxx.
>
> Still not ideal.
>
> Thanks for the heads-up!