kernel 2.6.17-2.6.24.1 vmsplice localroot exploit
Posted: Mon Feb 11, 2008 12:02 am
Hey all, just thought I'd let you all know that the localroot exploit that broke on Slashdot here: http://it.slashdot.org/it/08/02/10/2011257.shtml
"sort of" affects our boxes with grsec on them. We have a whole bunch of Debian (Etch and Sarge) servers running kernel 2.6.23.something with grsec 2.1.11 on them. The published code *does* give a root terminal; however (at least with our configuration), it does not grant access to /sbin/gradm and the grsec permissions seem to hold (at least, with the 10 minutes of poking around on it I was able to do). One side effect is that the "rooted" grsec machine will lock up ~5-10 minutes after the exploit is run, which does leave us a bit open for a DoS attack, I guess. Anyway, just thought I'd let you folks know our experience with this fairly well-publicized 'sploit. Hope it helps someone!
--law
p.s. dear dev team: any word on when "testing" grsec is gonna roll over to "stable" any time soon? Just curious!