Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
rozpisałem się troszkę o tej luce na moim blogu
http://tbhthelolmaker.wordpress.com/2008/02/10/exploit/
zapraszam do zapoznania się z treścią , szczególnie właścicieli nowych jąderek
Offline
Aktualizacja do wersji 2.6.24.1 rozwiązuje ten problem.[/quote]
czyli mnie już nie dotyczy ,
mam kernel dla sida z
[url]http://wiki.debian.org/DebianKernel[/url]arturek@debian:~$ dpkg -l |grep 2.6.24
ii linux-headers-2.6.24-1-686 2.6.24-4~snapshot.10443 Header files for Linux 2.6.24 on PPro/Celeron/PII/PIII/P4
ii linux-headers-2.6.24-1-common 2.6.24-4~snapshot.10443 Common header files for Linux 2.6.24
ii linux-image-2.6.24-1-686 2.6.24-4~snapshot.10443 Linux 2.6.24 image on PPro/Celeron/PII/PIII/P4
ii linux-kbuild-2.6.24 2.6.24-1 Kbuild infrastructure for Linux 2.6.24
ii linux-libc-dev 2.6.24-4~snapshot.10443 Linux Kernel Headers for development
ii nvidia-kernel-2.6.24-1-686 169.09-1+2.6.24-4~snapshot.10443 NVIDIA binary kernel module for Linux 2.6.24-1-686[/quote]
sprawdzałem nie działa ,
na tym kernelu nieuprzywilejowany użytkownik nie uzyskuje praw rootaOstatnio edytowany przez arturek (2008-02-10 20:02:53)
Debian “buster” XfceOffline
Jest jeszcze jeden exploit o którym nie będę pisać dopóki luka nie będzie załatana, łapie wszystko od 2.6.17 do 2.6.24.1
u mnie bezpieczne dopiero po zapatchowaniu grseurity
Offline
mafi@arch Desktop]$ ./a.out ———————————– Linux vmsplice Local Root Exploit By qaaz ———————————– [+] mmap: 0×0 .. 0×1000 [+] page: 0×0 [+] page: 0×20 [+] mmap: 0×4000 .. 0×5000 [+] page: 0×4000 [+] page: 0×4020 [+] mmap: 0×1000 .. 0×2000 [+] page: 0×1000 [+] mmap: 0xb7dd3000 .. 0xb7e05000 [-] vmsplice: Bad address [mafi@arch Desktop]$
Testowałem na tym: http://www.milw0rm.com/exploits/5092
A kernel mam:
[mafi@arch Desktop]$ uname -a Linux arch 2.6.24-ARCH #1 SMP PREEMPT Sun Feb 10 15:21:33 UTC 2008 i686 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux
a na http://www.milw0rm.com/exploits/5093:
[mafi@arch Desktop]$ gcc cos.c cos.c:147:28: warning: no newline at end of file [mafi@arch Desktop]$ ./a.out ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] addr: 0xc0120740 [-] wtf [mafi@arch Desktop]$
Ostatnio edytowany przez Mafioss (2008-02-11 19:14:14)
Offline
Dla Debiana Sid nowy kernel już w [url]http://incoming.debian.org/[/url] ,
czyli za chwile w repozytoriach
arturek@debian:~$ dpkg -l |grep 2.6.24
ii linux-headers-2.6.24-1-686 2.6.24-4 Header files for Linux 2.6.24 on PPro/Celeron/PII/PIII/P4
ii linux-headers-2.6.24-1-common 2.6.24-4 Common header files for Linux 2.6.24
ii linux-image-2.6.24-1-686 2.6.24-4 Linux 2.6.24 image on PPro/Celeron/PII/PIII/P4
ii linux-kbuild-2.6.24 2.6.24-1 Kbuild infrastructure for Linux 2.6.24
ii linux-libc-dev 2.6.24-4 Linux Kernel Headers for development[/quote]arturek@debian:~/bug$ chmod +x exploit1.out
arturek@debian:~/bug$ ./exploit1.out
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d6f000 .. 0xb7da1000
[-] vmsplice: Bad address
arturek@debian:~/bug$[/quote]
czyli już poprawili
Debian “buster” XfceOffline
nie poprawili, kernel 2.6.24.1 dalej jest zabugowany, dopiero dzisiaj wydany 2.6.24.2 poprawia sprawe
Offline
Tak jest TBH:
qbsiu@siusiak: ~ % ./wirusek ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7e1e000 .. 0xb7e50000 [-] vmsplice: Bad address qbsiu@siusiak: ~ % whoami qbsiu qbsiu@siusiak: ~ % uname -a Linux siusiak 2.6.24.2-qbsiu #1 SMP PREEMPT Mon Feb 11 10:25:47 CET 2008 i686 AMD Athlon(tm) 64 Processor 3200+ AuthenticAMD GNU/Linux
Offline
to już jest ten nowy 2.6.24.2
linux-2.6 (2.6.24-4) unstable; urgency=low
* Add stable release 2.6.24.1:
- splice: missing user pointer access verification (CVE-2008-0009/10)
- drm: the drm really should call pci_set_master..
- Driver core: Revert "Fix Firmware class name collision"
- fix writev regression: pan hanging unkillable and un-straceable
- sched: fix high wake up latencies with FAIR_USER_SCHED
- sched: let +nice tasks have smaller impact
- b43: Reject new firmware early
- selinux: fix labeling of /proc/net inodes
- b43legacy: fix DMA slot resource leakage
- b43legacy: drop packets we are not able to encrypt
- b43legacy: fix suspend/resume
- b43legacy: fix PIO crash
- b43: Fix dma-slot resource leakage
- b43: Drop packets we are not able to encrypt
- b43: Fix suspend/resume
- sky2: fix for WOL on some devices
- sky2: restore multicast addresses after recovery
- x86: restore correct module name for apm
- ACPI: update ACPI blacklist
- PCI: Fix fakephp deadlock
- sys_remap_file_pages: fix ->vm_file accounting
- lockdep: annotate epoll
- forcedeth: mac address mcp77/79
- USB: Fix usb_serial_driver structure for Kobil cardreader driver.
- USB: handle idVendor of 0x0000
- USB: fix usbtest halt check on big endian systems
- USB: storage: Add unusual_dev for HP r707
- USB: Variant of the Dell Wireless 5520 driver
- USB: use GFP_NOIO in reset path
- USB: ftdi driver - add support for optical probe device
- USB: pl2303: add support for RATOC REX-USB60F
- USB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem
- USB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver for Sierra Wireless
- USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD
- USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC
- USB: sierra driver - add devices
- USB: Adding YC Cable USB Serial device to pl2303
- USB: Sierra - Add support for Aircard 881U
- USB: add support for 4348:5523 WinChipHead USB->RS 232 adapter
- USB: CP2101 New Device IDs
- usb gadget: fix fsl_usb2_udc potential OOPS
- USB: keyspan: Fix oops
- vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
- slab: fix bootstrap on memoryless node
- DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
[ Martin Michlmayr ]
* [arm/ixp4xx] Enble ATA_OVER_ETH, requested by Nicola Fankhauser.
* [arm/iop32x] Enble ATA_OVER_ETH.
[ Bastian Blank ]
[color=#FF0000] * Add stable release 2.6.24.2:[/color]
- splice: fix user pointer access in get_iovec_page_array()
(CVE-2008-0600, closes: #464945)
— Bastian Blank <waldi@debian.org> Mon, 11 Feb 2008 12:29:23 +0100[/quote]
Debian “buster” Xfce
Offline
nok a co powiecie na to : od 2.6.17 -2.6.24 :(
http://www.milw0rm.com/exploits/5092
bo u mnie na 2.6.18 to :
http://img98.imageshack.us/my.php?image=kuzwatg8.png
ładne klocki :P
ps zrodlo do linka z exploitem :
http://debian.linux.pl/viewtopic.php?p=45261#45261
Ostatnio edytowany przez aki (2008-02-11 20:53:54)
Offline
to sie narobiło
Offline
[quote=Yampress]to sie narobiło[/quote]
atam najlepszym się zdarza :P mnie to nie dotyczy ale szkoda ludzi co shelle udostępniają :P
Offline
nie mam nowego kernela sie mi niechce kompilować ale ........http://img412.imageshack.us/my.php?image=zrzutekranugq7.png
Offline
initrd ??
jak ja wogóle miałem system plików na partycji spieprzony, niczym tego nie umiałem zamontować (próbowałem w livecd, próbowaem z innego Linuxa z dysku...) po prostu partycja poszła się walić :|
Offline
Time (s) | Query |
---|---|
0.00013 | SET CHARSET latin2 |
0.00009 | SET NAMES latin2 |
0.00126 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='3.128.255.168' WHERE u.id=1 |
0.00100 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '3.128.255.168', 1731733264) |
0.00058 | SELECT * FROM punbb_online WHERE logged<1731732964 |
0.00144 | DELETE FROM punbb_online WHERE ident='54.197.102.71' |
0.00075 | SELECT topic_id FROM punbb_posts WHERE id=83106 |
0.00008 | SELECT id FROM punbb_posts WHERE topic_id=10578 ORDER BY posted |
0.00064 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=10578 AND t.moved_to IS NULL |
0.00006 | SELECT search_for, replace_with FROM punbb_censoring |
0.00199 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=10578 ORDER BY p.id LIMIT 0,25 |
0.00093 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=10578 |
Total query time: 0.00895 s |