VectorLinux

Please login or register.

Login with username, password and session length
Advanced search  

News:

Visit our home page for VL info. For support and documentation, visit the Vector Linux Knowledge Center or search the Knowledge Center and this Forum using the search box above.

Pages: [1] 2 3

Author Topic: Danger! New exploit - VL standard vulnerable!  (Read 28499 times)

Witek Mozga

  • Vectorite
  • ***
  • Posts: 113
    • Witek Mozga`s Webpages
Danger! New exploit - VL standard vulnerable!
« on: February 11, 2008, 07:19:58 am »


Hi!

I just tested new exploit and it works in VL-STD9:
http://www.securityfocus.com/data/vulnerabilities/exploits/27704.c

Just compile as a user using gcc and run output file (a.out). You are root!
More here:
http://www.securityfocus.com/bid/27704

It looks the kernel must be upgraded asap.

exeterdad

  • Packager
  • Vectorian
  • ****
  • Posts: 2046
Re: Danger! New exploit - VL standard vulnerable!
« Reply #1 on: February 11, 2008, 07:34:16 am »

Holy crap!  He's right.  I compiled and ran it.  Boom! I'm root, no complaints.

This may be a fix for those that can't upgrade the kernel for whatever reason.
https://tyneside.lug.org.uk/news.php?callmodule=All%20news%20articles&startarticle=0&select=50
« Last Edit: February 11, 2008, 07:43:28 am by exeterdad »
Logged

M0E-lnx

  • Administrator
  • Vectorian
  • *****
  • Posts: 3234
Re: Danger! New exploit - VL standard vulnerable!
« Reply #2 on: February 11, 2008, 08:11:16 am »

Something in me says "This is kool man!"... but then again, I must do the right thing...

So the hack works...

Glad to report that the fix works too... tested it here and it does work.
Thanks exeterdad

uelsk8s

  • Administrator
  • Vectorian
  • *****
  • Posts: 2504
Re: Danger! New exploit - VL standard vulnerable!
« Reply #3 on: February 11, 2008, 08:17:42 am »

can you make the kernel module available for 2.6.22.14 (the 5.9) kernel at least?
Logged

joec

  • Member
  • *
  • Posts: 29
Re: Danger! New exploit - VL standard vulnerable!
« Reply #4 on: February 11, 2008, 01:52:57 pm »

This is not a remote vulnerability  - correct?
Logged

uelsk8s

  • Administrator
  • Vectorian
  • *****
  • Posts: 2504
Re: Danger! New exploit - VL standard vulnerable!
« Reply #5 on: February 11, 2008, 02:01:10 pm »

This is not a remote vulnerability  - correct?
If I can remotely connect to your computer then it is.

we have put together a package with the module.
It installs the module then adds it to rc.modules so it will be inserted on boot, and then inserts the module.
you can get it with slapt-get "slapt-get --update && slapt-get --install novmsplice" or with gslapt


Uelsk8s
Logged

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Danger! New exploit - VL standard vulnerable!
« Reply #6 on: February 11, 2008, 05:54:15 pm »

The package worked great, I tried the exploit and it works, is a serious thing. Should be the fix properly announced so we make sure most of the users will catch it?
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

hata_ph

  • Packager
  • Vectorian
  • ****
  • Posts: 3261
  • -- Just being myself --
Re: Danger! New exploit - VL standard vulnerable!
« Reply #7 on: February 11, 2008, 07:51:13 pm »

a howto would be nice.........
Logged

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Danger! New exploit - VL standard vulnerable!
« Reply #8 on: February 11, 2008, 09:31:33 pm »

a howto would be nice.........

It is really easy, you have to type as root

Code: [Select]
slapt-get --update && slapt-get --install novmsplice
« Last Edit: February 22, 2008, 06:43:33 pm by rbistolfi »
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

hata_ph

  • Packager
  • Vectorian
  • ****
  • Posts: 3261
  • -- Just being myself --
Re: Danger! New exploit - VL standard vulnerable!
« Reply #9 on: February 12, 2008, 03:29:16 am »

Done. But the package is excluded if you view it by using gslapt......
 :P :P
Logged

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Danger! New exploit - VL standard vulnerable!
« Reply #10 on: February 12, 2008, 04:50:36 am »

hehe, right. I guess it is in the "kernel category". I think they are excluded because Gslapt will upgrade it by default, so there is no way to keep the old kernel. If something goes wrong, would be hard to fix. Perhaps there is a way, I don't use Gslapt very often... slapt-get is more easy imo. Less options, a more clear view, there is nothing in the way.
« Last Edit: February 12, 2008, 04:52:33 am by rbistolfi »
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

overclockedmind

  • Member
  • *
  • Posts: 6
Re: Danger! New exploit - VL standard vulnerable!
« Reply #11 on: February 27, 2008, 02:41:02 pm »

I would just like to chime in on the topic, and say a big thank you for paying prompt attention to this matter. I keep my ear to the ground on this kind of thing, and it was very telling that we had a fix in short order.

Keep it up, we notice the hard work!

-- Joshua
Logged

InTheWoods

  • Vectorite
  • ***
  • Posts: 302
Re: Danger! New exploit - VL standard vulnerable!
« Reply #12 on: March 24, 2008, 04:35:02 pm »

I just did a fresh install of 5.9 and remembered this post. I would just like to add that
Code: [Select]
slapt-get --update && slapt-get --install novmsplicedoes not work on a fresh install untill you update Gslapt.
Logged

overthere

  • Vectorian
  • ****
  • Posts: 1355
Re: Danger! New exploit - VL standard vulnerable!
« Reply #13 on: June 02, 2008, 04:49:37 am »

Just stumbled on this...may have seen it if posted in security advisory as I always look there but have seen nada...may be I missed other important patches maybe even a kernal update...Hmmm..
Logged
Everything Is Relative

sledgehammer

  • Vectorian
  • ****
  • Posts: 1465
Re: Danger! New exploit - VL standard vulnerable!
« Reply #14 on: September 17, 2008, 11:09:35 pm »

I just tried the "fix" on my 5.9 standard system.  After it finished running, I got the message:

Quote
Executing install script for novmsplice-1.0_2.6.22.14-i586-1vl59...
Done

Would someone let me know if this "fix" was not necessary?  I plan on administering it to several other machines.

John
Logged
VL7.0 xfce4 Samsung RF511
Pages: [1] 2 3