2005-01-07 15:49:53

by Frank Steiner

[permalink] [raw]
Subject: Fix for new elf_loader bug?

Hi,

is there already a patch for the new problem with the elf loader, maybe
in the bitkeeper tree?

http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt

Thanks!
cu,
Frank
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *


2005-01-07 19:57:18

by Marcelo Tosatti

[permalink] [raw]
Subject: Re: Fix for new elf_loader bug?

On Fri, Jan 07, 2005 at 04:49:35PM +0100, Frank Steiner wrote:
> Hi,
>
> is there already a patch for the new problem with the elf loader, maybe
> in the bitkeeper tree?
>
> http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt

2.6.10-ac6 contains a fix for the problem - a similar version should hit the BK tree
RSN.

2005-01-07 22:38:25

by Vasil Kolev

[permalink] [raw]
Subject: Re: Fix for new elf_loader bug?

On пт, 2005-01-07 at 15:05 -0200, Marcelo Tosatti wrote:
> On Fri, Jan 07, 2005 at 04:49:35PM +0100, Frank Steiner wrote:
> > Hi,
> >
> > is there already a patch for the new problem with the elf loader, maybe
> > in the bitkeeper tree?
> >
> > http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
>
> 2.6.10-ac6 contains a fix for the problem - a similar version should hit the BK tree
> RSN.

Looking at the advisory, it affects 2.4, too, where can a patch for it
be found?


Attachments:
signature.asc (189.00 B)
This is a digitally signed message part

2005-01-07 22:51:32

by Chris Wright

[permalink] [raw]
Subject: Re: Fix for new elf_loader bug?

* Vasil Kolev ([email protected]) wrote:
> Looking at the advisory, it affects 2.4, too, where can a patch for it
> be found?

in 2.4 bitkeeper, and in 2.4.29-rc1 patch.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net

2005-01-07 23:00:30

by Marcelo Tosatti

[permalink] [raw]
Subject: Re: Fix for new elf_loader bug?

On Sat, Jan 08, 2005 at 12:26:39AM +0200, Vasil Kolev wrote:
> On ????, 2005-01-07 at 15:05 -0200, Marcelo Tosatti wrote:
> > On Fri, Jan 07, 2005 at 04:49:35PM +0100, Frank Steiner wrote:
> > > Hi,
> > >
> > > is there already a patch for the new problem with the elf loader, maybe
> > > in the bitkeeper tree?
> > >
> > > http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
> >
> > 2.6.10-ac6 contains a fix for the problem - a similar version should hit the BK tree
> > RSN.
>
> Looking at the advisory, it affects 2.4, too, where can a patch for it
> be found?

http://linux.bkbits.net:8080/linux-2.4/[email protected]?nav=index.html|ChangeSet@-1d|[email protected]

Attached.


Attachments:
(No filename) (681.00 B)
2.4-do-brk-locked.patch (8.22 kB)
Download all attachments

2005-01-08 13:58:35

by Lethalman

[permalink] [raw]
Subject: Re: Fix for new elf_loader bug?

Frank Steiner wrote:

> Hi,
>
> is there already a patch for the new problem with the elf loader, maybe
> in the bitkeeper tree?
>
> http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
>
> Thanks!
> cu,
> Frank

I made this very very very very very simple patch for kernel 2.4.28:
http://maphia.flowsecurity.org/patch/uselib-2.4.28.patch

The only thing that an attacker can do is to repeat the exploit and
cause a DoS, but it's hard too.


--
http://www.iosn.it * Amministratore Italian Open Source Network
http://www.fyrebird.net * Fyrebird Hosting Provider - Technical Department