DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=upCU8UKUKLFSmKOVrajqS9NOpHve3kxnNWtR5ouoDDec+ttbd+61ihRKcZCYIiYxPAsPi5/RXM64x11VBrBx/EDqZUlb2slYNb0Ee9YrPwJiwFHBSYCFfkCX2VsKakZ5RZ+HrPYdOAbsoJCtmqU/hV/VLSYlv/b3F6cyiLFFteQ=
Message-ID: <2e77fc10802092204t7764ff12s65304f70500e2090@mail.gmail.com>
Date: Sun, 10 Feb 2008 08:04:35 +0200
From: "Niki Denev" <ndenev@gmail.com>
To: linux-kernel@vger.kernel.org
Subject: kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 982
Lines: 35

Hi,

As the subject says the 2.6.24.1 is still vulnerable to the vmsplice
local root exploit.

[opa@test tmp]$ uname -a
Linux tester 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown
[opa@test tmp]$ ./vms

-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f56000 .. 0xb7f88000
[+] root
[root@test tmp]#
[root@test tmp]# id
uid=0(root) gid=0(root) groups=2033(opa)
[root@test tmp]# uname -a
Linux test 2.6.24.1 #1 Sun Feb 10 00:06:49 EST 2008 i686 unknown

Is there any known fix/patch for this?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/