
vmsplice Local Root Kernel exploit patch

This entry was posted on Feb 11 2008

Credits: #ubuntu-my Freenode, ubuntu.com.my forum.

A nasty local root kernel exploit surfaced yesterday morning; it exploits a vulnerability in the kernel's memory mapping via vmsplice. Affected kernel versions are from 2.6.18 to 2.6.24.1. It was originally mistaken for a Debian-derivatives-only local exploit, but some claim that it works on ALL Linux kernels that have vmsplice enabled. I'd suggest you guys test your machines and patch them ASAP if they're vulnerable to it.

Patch Source: http://aphesz.org/x0010/vmsplice-patch.c
Patch Binary: http://aphesz.org/x0010/patch.vmsplice (compiled on Debian Etch w/ gcc4.1.2)

P/S: This is just a temporary fix. Your system is back to being exploitable after it gets rebooted.
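To triage a fleet against the affected range given above (2.6.18 to 2.6.24.1), here is an added example that is not part of the original post or the linked patch: a shell check that classifies `uname -r` style strings by upstream version. The function names and sample release strings are made up for illustration, and because a patched distribution kernel can keep the same upstream version (such as the patched linux-image-2.6.18-6 mentioned in UPDATE1), "in-range" means the installed kernel package still has to be checked.

```shell
#!/bin/sh
# Added example, not from the original post. The range limits are the post's
# own: 2.6.18 through 2.6.24.1. Function names are hypothetical.

# ver_key RELEASE: print a sortable integer for the upstream version in a
# `uname -r` style string, e.g. 2.6.24-16-generic -> 1002006024000.
ver_key() {
    base=${1%%[!0-9.]*}            # cut at the first char that is not a digit or dot
    case $base in
        ''|.*|*.|*..*) return 1 ;; # nothing numeric, or an empty component
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                   # split on dots into $1..$4
    IFS=$old_ifs
    # The leading 1 keeps the key free of leading zeros in numeric tests.
    printf '1%03d%03d%03d%03d\n' "$1" "${2:-0}" "${3:-0}" "${4:-0}"
}

# classify_kernel RELEASE: print in-range, out-of-range or unknown.
# in-range only says the upstream version falls inside the post's range;
# a distribution kernel with a backported fix reports the same version.
classify_kernel() {
    key=$(ver_key "$1") || { echo unknown; return 0; }
    lo=$(ver_key 2.6.18)
    hi=$(ver_key 2.6.24.1)
    if [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Constructed sample release strings, followed by the running kernel.
for rel in 2.6.17.14 2.6.18-6-686 2.6.24-16-generic 2.6.24.2 "$(uname -r)"; do
    printf '%-24s %s\n' "$rel" "$(classify_kernel "$rel")"
done
```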


UPDATE3 (01:23 – 13/02/2008): Ubuntu releases patched kernel images into repository.

UPDATE2 (21:58 – 11/02/2008): Debian has officially released a kernel update which addresses the mmap / vmsplice issue. No word from Ubuntu SecList just yet tho.

UPDATE1: streuner@#debian Freenode created an unofficial patched version of linux-image-2.6.18-6 that disables vmsplice. Add:

deb http://134.2.34.20/blank/debian/linux-2.6/ ./

to your sources.list and upgrade away.

Cheers :)
– aphesz


2 Responses to “vmsplice Local Root Kernel exploit patch”

  1. Just Patch avail here?
    I'm Looking for a Precompiled Exploit
    Hahahahahahahahahahahahah
    :D


  2. hahahah u already got the precompiled one. LOLOL

