urgent, kernel + grsec vulnerability
Posted: Tue Feb 12, 2008 4:17 am
hey, it seems like all versions of grsec, the stable one and testing one with it's kernel versions it's vulnerable to the vmsplice exploit: http://www.milw0rm.com/exploits/5092
a dumb user from my system tried to gain root, gained root but lucky me, the system crashed after ( ran out of memory, responded to pings only, no daemon working )
currently the only fix I could find was to upgrade to this latest kernel 2.6.24.2, with no grsec. I previously had grsecurity-2.1.11-2.6.23.14-200801231800 but I had to give up on it to prevent any more attempts or chases.
do you have any test patches or something that ... skips this ugly vulnerability ?
a dumb user from my system tried to gain root, gained root but lucky me, the system crashed after ( ran out of memory, responded to pings only, no daemon working )
currently the only fix I could find was to upgrade to this latest kernel 2.6.24.2, with no grsec. I previously had grsecurity-2.1.11-2.6.23.14-200801231800 but I had to give up on it to prevent any more attempts or chases.
do you have any test patches or something that ... skips this ugly vulnerability ?