
Thread: 2.x kernel exploits and workarounds

  1. #21
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: 2.x kernel exploits and workarounds

    I just updated my laptop running Jaunty for the first time in a month and a half. I got the proper new kernel.

    Code:
    Linux mcleese 2.6.28-15-generic #49-Ubuntu SMP Tue Aug 18 18:40:08 UTC 2009 i686 GNU/Linux

  2. #22
    Join Date
    Aug 2009
    Beans
    4

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by cariboo907 View Post
    I just updated my laptop running Jaunty for the first time in a month and a half. I got the proper new kernel.

    Code:
    Linux mcleese 2.6.28-15-generic #49-Ubuntu SMP Tue Aug 18 18:40:08 UTC 2009 i686 GNU/Linux
    Must not be in the stream for 8.04 yet then.

    ii linux-image-2.6.24-23-server 2.6.24-23.52 Linux kernel image for version 2.6.24 on x86
    ii linux-image-server 2.6.24.23.25 Linux kernel image on Server Equipment.
    ii linux-server 2.6.24.23.25 Complete Linux kernel on Server Equipment.
    ii linux-ubuntu-modules-2.6.24-23-server 2.6.24-23.37 Ubuntu supplied Linux modules for version 2.

  3. #23
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,958
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: 2.x kernel exploits and workarounds

    What if you're not running Jaunty? Are security patches supposed to be released to older distros for a given lifespan?

  4. #24
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by kevdog View Post
    What if you're not running Jaunty? Are security patches supposed to be released to older distros for a given lifespan?
    See the previously posted URL:

    http://www.ubuntu.com/usn/usn-819-1

  5. #25
    Join Date
    Jul 2009
    Location
    San Diego
    Beans
    102

    Re: 2.x kernel exploits and workarounds

    http://blog.cr0.org/2009/08/linux-nu...ce-due-to.html
    Thursday, August 13, 2009

    Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692)

    EDIT2: Here is RedHat's official mitigation recommendation
    EDIT3: Brad Spengler also wrote an exploit for this and published it. The bug triggering is based on our exploit which leaked to Brad through the private vendor-sec mailing list. He implements the personality trick Tavis and I published in June to bypass mmap_min_addr and also makes use of a feature that allows any unconfined user to gain the right to map at address zero in Redhat's default SELinux policy. He wrote a reliable shellcode for this one that should work pretty much anywhere on x86 and x86_64 machines.
    EDIT4: if you use Debian or Ubuntu on your machine, I have specifically updated the kernelsec Debian/Ubuntu GrSecurity packages to protect against this bug and others.


    http://kernelsec.cr0.org/

  6. #26
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,958
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by movieman View Post
    See the previously posted URL:

    http://www.ubuntu.com/usn/usn-819-1
    Thanks -- that update was picked up automatically and installed by the updater - amazing when things work like they are supposed to.

  7. #27
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by MartinEve View Post
    There are now 2 working local root exploits in the wild for all variants of 2.x Linux Kernel, including all those shipped with Ubuntu.

    See http://www.kernelpodcast.org/2009/08...ernel-podcast/ for more.

    While kernel 2.6.31-rc6 contains the fix, are there any workarounds or measures that can be taken by individual users in the meantime to mitigate against such an attack?

    Martin
    What makes you think you were vulnerable?

    From http://www.ubuntu.com/usn/usn-819-1

    A local attacker could exploit this to gain root privileges. By default, Ubuntu 8.04 and later with a non-zero /proc/sys/vm/mmap_min_addr setting were not vulnerable.
    So first a cracker would need local access and second that report states Ubuntu 8.04 and later were not vulnerable.

    In the first instance, if a cracker has local access, you are pwned already.

    In the second instance, did you change the settings or are you running an earlier version of Ubuntu?
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  8. #28
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by bodhi.zazen View Post
    So first a cracker would need local access and second that report states Ubuntu 8.04 and later were not vulnerable.
    By default.

    If you installed Wine, then you were 100% vulnerable, because it changes the default behaviour to allow mapping page zero.

  9. #29
    Join Date
    Aug 2009
    Beans
    4

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by bodhi.zazen View Post
    What makes you think you were vulnerable?

    From http://www.ubuntu.com/usn/usn-819-1



    So first a cracker would need local access and second that report states Ubuntu 8.04 and later were not vulnerable.

    In the first instance, if a cracker has local access, you are pwned already.

    In the second instance, did you change the settings or are you running an earlier version of Ubuntu?

    Local access = someone managing to exploit another service that doesn't yield root, but access to the machine. (whether it's poor code and a malicious script on a web server or some other service being exploited)

    No, didn't mess with settings and no wine is installed on production equipment. Just want to keep things current should that setting get tampered with by someone or something else, I'd rather not leave the hole to be potentially exposed.
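
An added example, not written by any poster in this thread: a shell audit for the point raised in posts #27 to #29, checking both the live `/proc/sys/vm/mmap_min_addr` value and any persistent sysctl file that would reset it to 0. The function names are hypothetical, and the config paths (`/etc/sysctl.conf`, `/etc/sysctl.d/*.conf`) are assumed to be the standard sysctl locations.

```shell
#!/bin/sh
# Added example (not from the thread): audit vm.mmap_min_addr, live and persistent.

# read_min_addr FILE: print the value in FILE (normally
# /proc/sys/vm/mmap_min_addr), or "unknown" if it cannot be read.
read_min_addr() {
    if [ -r "$1" ]; then tr -d ' \t\n' < "$1"; else echo unknown; fi
}

# find_zero_overrides FILE...: print file:line:text for each uncommented
# sysctl line that sets vm.mmap_min_addr to 0.
find_zero_overrides() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -HnE '^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*0+[[:space:]]*$' "$f" || true
    done
}

# audit_mmap_min_addr PROCFILE FILE...: return 0 only if the live value is
# non-zero and no listed config file resets it to 0.
audit_mmap_min_addr() {
    procfile=$1; shift
    rc=0
    live=$(read_min_addr "$procfile")
    case "$live" in
        ''|*[!0-9]*) echo "WARN: cannot read $procfile"; rc=1 ;;
        *) if [ "$live" -eq 0 ]; then
               echo "FAIL: live vm.mmap_min_addr is 0, page zero can be mapped"
               rc=1
           else
               echo "OK: live vm.mmap_min_addr is $live"
           fi ;;
    esac
    hits=$(find_zero_overrides "$@")
    if [ -n "$hits" ]; then
        echo "FAIL: persistent configuration sets it to 0:"
        echo "$hits"
        rc=1
    fi
    return "$rc"
}

# Run against the live system only when asked to: sh script.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_mmap_min_addr /proc/sys/vm/mmap_min_addr /etc/sysctl.conf /etc/sysctl.d/*.conf
fi
```

The non-zero exit status makes the check usable from cron or a monitoring agent. Other sysctl directories your distribution reads can be appended as further arguments.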

  10. #30
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: 2.x kernel exploits and workarounds

    Quote Originally Posted by bek99 View Post
    Local access = someone managing to exploit another service that doesn't yield root, but access to the machine. (whether it's poor code and a malicious script on a web server or some other service being exploited)
    As I said before, if I have local (physical) access, I have root access. With physical access this is trivial and there is no need to work through such complex algorithms such as kernel or service exploits or root kits or anything like that. Why do you think they keep servers in locked rooms?
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface
