Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

Thread: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

  1. March 13th, 2013 #21
    samiux's Avatar
    samiux
    samiux is offline Way Too Much Ubuntu
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by Stonecold1995 View Post
    Does anyone know if there's non-PoC exploit source code anywhere (aside from on the deep web)? The PoC I found only worked on a few Fedora kernels, and didn't do much. Is there a version that works on most/all Linux distros with the vulnerable kernels? I don't want to find it for malicious purposes, but because I want to test it on a few machines I have that run Linux (like my Kindle) to see if they're vulnerable.

    If I'm not allowed to ask this then I appologise, please delete my post.
    The available PoC (Proof of Concept) exploit code is for Fedora and Ubuntu as well as Arch only. It is available for ethical and malicious hackers. Please read my blog at here for the details. If you want to have PoC exploit code for other distributions, you need to develop one for the purpose.

    The following is quoted from my blog :

    The affected Linux kernel is from 3.0.8 to 3.7.9. The most common Linux distributions such as Fedora and Ubuntu are affected. Fedora 16 to 18 with the kernel before 3.7.9-205.fc18 are affected. Ubuntu 12.04 LTS to 12.10 (including the 13.04 which is under development at this writing) with the kernel before 3.5.0-25.39 are affected.
    For Ubuntu (with kernel version 3.x), you need to change the source code for each version of the kernel. However, for Fedora, it works on the 3.x kernel between Fedora 16 and 18 and before kernel version 3.7.9-205.fc18.

    It is more harder for the ones, who do not have InfoSec knowledge, want to exploit Ubuntu.

    In my opinion, if we cannot discuss the vulnerabilities here, the sub-forum "Security Discussion" should be closed for all. "Coin has two sides."

    Samiux
    Advanced reply Adv Reply  
  2. March 13th, 2013 #22
    samiux's Avatar
    samiux
    samiux is offline Way Too Much Ubuntu
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by Stonecold1995 View Post
    Code:
    deb http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main
deb-src http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main
    For some reason, it doesn't always seem to give me automatic updates, so I have to do apt-get update and then type "sudo apt-get install linux-linux-headers-3.5.0-2" and then press tab twice so I get a list of packages that match that, and install any newer version there is.
    Back to official kernel or check the kernel with the PoC exploit code yourself to confirm.

    Samiux
    Advanced reply Adv Reply  
Page 3 of 3 FirstFirst 123
« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct