VectorLinux
July 31, 2014, 09:29:27 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1] 2 3
  Print  
Author Topic: Danger! New exploit - VL standard vulnerable!  (Read 25964 times)
Witek Mozga
Vectorite
***
Posts: 113



WWW
« on: February 11, 2008, 07:19:58 am »


Hi!

I just tested new exploit and it works in VL-STD9:
http://www.securityfocus.com/data/vulnerabilities/exploits/27704.c

Just compile as a user using gcc and run output file (a.out). You are root!
More here:
http://www.securityfocus.com/bid/27704

It looks the kernel must be upgraded asap.
Logged

exeterdad
Packager
Vectorian
****
Posts: 2046



« Reply #1 on: February 11, 2008, 07:34:16 am »

Holy crap!  He's right.  I compiled and ran it.  Boom! I'm root, no complaints.

This may be a fix for those that can't upgrade the kernel for whatever reason.
https://tyneside.lug.org.uk/news.php?callmodule=All%20news%20articles&startarticle=0&select=50
« Last Edit: February 11, 2008, 07:43:28 am by exeterdad » Logged
M0E-lnx
Administrator
Vectorian
*****
Posts: 3178



« Reply #2 on: February 11, 2008, 08:11:16 am »

Something in me says "This is kool man!"... but then again, I must do the right thing...

So the hack works...

Glad to report that the fix works too... tested it here and it does work.
Thanks exeterdad
Logged

uelsk8s
Administrator
Vectorian
*****
Posts: 2504



« Reply #3 on: February 11, 2008, 08:17:42 am »

can you make the kernel module available for 2.6.22.14 (the 5.9) kernel at least?
Logged
joec
Member
*
Posts: 29


« Reply #4 on: February 11, 2008, 01:52:57 pm »

This is not a remote vulnerability  - correct?
Logged
uelsk8s
Administrator
Vectorian
*****
Posts: 2504



« Reply #5 on: February 11, 2008, 02:01:10 pm »

This is not a remote vulnerability  - correct?
If I can remotely connect to your computer then it is.

we have put together a package with the module.
It installs the module then adds it to rc.modules so it will be inserted on boot, and then inserts the module.
you can get it with slapt-get "slapt-get --update && slapt-get --install novmsplice" or with gslapt


Uelsk8s
Logged
rbistolfi
Packager
Vectorian
****
Posts: 2277


« Reply #6 on: February 11, 2008, 05:54:15 pm »

The package worked great, I tried the exploit and it works, is a serious thing. Should be the fix properly announced so we make sure most of the users will catch it?
Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
hata_ph
Packager
Vectorian
****
Posts: 3256


-- Just being myself --


« Reply #7 on: February 11, 2008, 07:51:13 pm »

a howto would be nice.........
Logged
rbistolfi
Packager
Vectorian
****
Posts: 2277


« Reply #8 on: February 11, 2008, 09:31:33 pm »

a howto would be nice.........

It is really easy, you have to type as root

Code:
slapt-get --update && slapt-get --install novmsplice
« Last Edit: February 22, 2008, 06:43:33 pm by rbistolfi » Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
hata_ph
Packager
Vectorian
****
Posts: 3256


-- Just being myself --


« Reply #9 on: February 12, 2008, 03:29:16 am »

Done. But the package is excluded if you view it by using gslapt......
 Tongue Tongue
Logged
rbistolfi
Packager
Vectorian
****
Posts: 2277


« Reply #10 on: February 12, 2008, 04:50:36 am »

hehe, right. I guess it is in the "kernel category". I think they are excluded because Gslapt will upgrade it by default, so there is no way to keep the old kernel. If something goes wrong, would be hard to fix. Perhaps there is a way, I don't use Gslapt very often... slapt-get is more easy imo. Less options, a more clear view, there is nothing in the way.
« Last Edit: February 12, 2008, 04:52:33 am by rbistolfi » Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
overclockedmind
Member
*
Posts: 6


« Reply #11 on: February 27, 2008, 02:41:02 pm »

I would just like to chime in on the topic, and say a big thank you for paying prompt attention to this matter. I keep my ear to the ground on this kind of thing, and it was very telling that we had a fix in short order.

Keep it up, we notice the hard work!

-- Joshua
Logged
InTheWoods
Vectorite
***
Posts: 302


« Reply #12 on: March 24, 2008, 03:35:02 pm »

I just did a fresh install of 5.9 and remembered this post. I would just like to add that
Code:
slapt-get --update && slapt-get --install novmsplice
does not work on a fresh install untill you update Gslapt.
Logged
overthere
Vectorian
****
Posts: 1263



« Reply #13 on: June 02, 2008, 03:49:37 am »

Just stumbled on this...may have seen it if posted in security advisory as I always look there but have seen nada...may be I missed other important patches maybe even a kernal update...Hmmm..
Logged

Everything Is Relative
sledgehammer
Vectorian
****
Posts: 1419



« Reply #14 on: September 17, 2008, 10:09:35 pm »

I just tried the "fix" on my 5.9 standard system.  After it finished running, I got the message:

Quote
Executing install script for novmsplice-1.0_2.6.22.14-i586-1vl59...
Done

Would someone let me know if this "fix" was not necessary?  I plan on administering it to several other machines.

John
Logged

VL7.0 xfce4 Samsung RF511
Pages: [1] 2 3
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!