Bugtraq mailing list archives
Re: [Full-disclosure] Linux kernel exploit
From: Marcus Meissner <meissner () suse de>
Date: Wed, 8 Dec 2010 15:26:56 +0100
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
> Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel > cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel > uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test 00:37 linups:../expl/kernel > ./test [*] Failed to open file descriptors.
openSUSE 11.2 and 11.3 do not have ECONET compiled,
openSUSE 11.1 has ECONET, but not the 0 ptr deref issue.
The CVE-2010-4258 problem is however in all openSUSEs.
Temporary workaround (for all distributions, not just openSUSE):
echo 1 > /proc/sys/kernel/panic_on_oops
This will now panic the machine instead of making it exploitable.
Ciao, Marcus
Current thread:
- Re: [Full-disclosure] Linux kernel exploit Kai (Dec 08)
- Re: [Full-disclosure] Linux kernel exploit Marcus Meissner (Dec 08)
- Re: [Full-disclosure] Linux kernel exploit niklas|brueckenschlaeger (Dec 09)
- <Possible follow-ups>
- Re: Re: [Full-disclosure] Linux kernel exploit firebits (Dec 13)
- Re: [Full-disclosure] Linux kernel exploit Ariel Biener (Dec 15)
- Message not available
- Re: [Full-disclosure] Linux kernel exploit dan . j . rosenberg (Dec 14)
- Re: [Full-disclosure] Linux kernel exploit Ariel Biener (Dec 15)
- Re: [Full-disclosure] Linux kernel exploit Ryan Sears (Dec 15)