2.4.22: do_brk with grsecurity also vulnerable?
Posted:
Tue Dec 02, 2003 4:33 pmby msi
hello, i'm using linux 2.4.22 with grseucirty and today i heard of the do_brk root-exploit. now my question: is my system also endangered?
what can I do to secure my system (except a kernel upgrade)?
Posted:
Tue Dec 02, 2003 5:45 pmby msw
Yes.
I have read that the exploit was successfully tested on linux 2.4.22 with grsecurity.
I'll upgrade to 2.4.23
Posted:
Tue Dec 02, 2003 6:11 pmby axehind
Anyone know when grsec2 for 2.4.23 is coming out? Brad?
axehind
Posted:
Tue Dec 02, 2003 6:21 pmby Sleight of Mind
you could use
http://www.grsecurity.net/~spender/grse ... -rc2.patch
but i would suggest using the cvs instead. It's 2.4.23 now and always has the latest fixes etc.
Posted:
Wed Dec 03, 2003 4:05 pmby msi
hello everyone,
is this patch enough to block the do_brk hole:
- Code: Select all
--- t/linux-2.4.21/mm/mmap.c Fri Jun 13 16:51:39 2003
+++ linux-2.4.23/mm/mmap.c Fri Nov 28 19:26:21 2003
@@ -1040,6 +1040,9 @@
len = PAGE_ALIGN(len);
if (!len)
return addr;
+
+ if ((addr + len) > TASK_SIZE || (addr + len) < addr)
+ return -EINVAL;
/*
* mlock MCL_FUTURE?
Posted:
Wed Dec 03, 2003 4:54 pmby msi
hi,
my new kernel is up and running.
now, how can i test, wether my patch works? does anybody now, where i can get a exploit, or a program which tests the vulnerability?
Posted:
Wed Dec 03, 2003 7:13 pmby niz
There is some test program at bugtraq...
http://www.securityfocus.com/archive/1/ ... 03-12-06/0
I have not tested it..
