[Owasp-Malaysia] ALERT; old kernel bug rears its head

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Wed Sep 15 22:34:18 EDT 2010


---------- Forwarded message ----------
From: John Moore <jbmoore61 at gmail.com>
Date: Thu, Sep 16, 2010 at 6:42 AM
Subject: [Nepenthes-devel] old kernel bug rears its head
To: nepenthes-devel at lists.sourceforge.net


This isn't a big deal but this article talks about an old Linux local
exploit vulnerability that resurfaced:
http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/

On my Debian laptop running kernel 2.6.30-1.slh.3-sidux-amd64, the
exploit doesn't elevate privileges:
jbmoore at harder:~/Desktop$ ./robert
resolved symbol commit_creds to 0xffffffff8026d5c0
resolved symbol prepare_kernel_cred to 0xffffffff8026d3f0
mapping at 3f80000000
UID 1000, EUID:1000 GID:1000, EGID:1000

But on Ubuntu 10.04, 2.6.32-21-generic running on a AMD64 bit system,

jbmoore at wasp:~$ ./robert
resolved symbol commit_creds to 0xffffffff8108bbb0
resolved symbol prepare_kernel_cred to 0xffffffff8108bf90
mapping at 3f80000000
UID 0, EUID:0 GID:0, EGID:0
# uname -r
2.6.32-21-generic


privileges are elevated. CentOS and Redhat 5.5 x86_64 aren't
vulnerable because of a different glibc version. RedHat 6 may be a
different story, but I haven't checked. The live DVD isn't affected
because it's 32-bit, but if anyone plans to build an x86_64 bit
honeypot, you might want to wait for the patch or use CentOS rather
than the latest Ubuntu 64-bit OS.


More information about the Owasp-Malaysia mailing list