oss-sec mailing list archives
Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
From: Simon McVittie <smcv () debian org>
Date: Thu, 9 Aug 2018 16:27:38 +0100
On Thu, 09 Aug 2018 at 16:21:03 +0200, Andrey Konovalov wrote:
See the comment in the exploit source code for a usage example that shows how to read /etc/shadow on Ubuntu xenial 4.13.0-38-generic
Note that because of the way Debian and Ubuntu kernels are packaged, this is an "ABI version" describing a class of kernels with compatible module ABIs, not a specific version number. The version number for Ubuntu kernels looks like 4.13.0-38.43~16.04.1 or similar. If you are illustrating how to reproduce an exploit against a specific binary kernel, you'll probably want to quote both the package name and the version number: for example https://packages.ubuntu.com/xenial/linux-image-4.13.0-38-generic currently lists "linux-image-4.13.0-38-generic (4.13.0-38.43~16.04.1)". smcv
Current thread:
- Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 02)
- Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 09)
- Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Simon McVittie (Aug 09)
- Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 09)