dejima, Tux's lil' helper (Joined: 16 Jul 2004; Posts: 130; Location: Greece)
Posted: Sat Jul 15, 2006 5:35 pm. Post subject: Gentoo, kernel exploits and GLSA
Given the recent wave of Linux 2.6.x kernel exploits, and although the Gentoo team patches kernel sources almost immediately after the publication of patches, no GLSA is published informing users of this.
From the gentoo-sources Changelog:
Code: |
15 Jul 2006; Christian Heim <phreak@gentoo.org>
+gentoo-sources-2.6.17-r3.ebuild:
Update to Linux 2.6.17.5 for local priviledge escalation security fix
(#140444 / CVE-2006-3626)
*gentoo-sources-2.6.16-r13 (15 Jul 2006)
15 Jul 2006; Christian Heim <phreak@gentoo.org>
+gentoo-sources-2.6.16-r13.ebuild:
Update to Linux 2.6.16.25 for local priviledge escalation security fix
(#140444 / CVE-2006-3626)
10 Jul 2006; Gustavo Zacarias <gustavoz@gentoo.org>
gentoo-sources-2.6.16-r12.ebuild, gentoo-sources-2.6.17-r2.ebuild:
Stable on sparc
08 Jul 2006; Markus Rothe <corsair@gentoo.org>
gentoo-sources-2.6.16-r12.ebuild:
Stable on ppc64
07 Jul 2006; Daniel Drake <dsd@gentoo.org>
gentoo-sources-2.6.16-r12.ebuild:
Stable on x86 + amd64
*gentoo-sources-2.6.17-r2 (07 Jul 2006)
07 Jul 2006; Daniel Drake <dsd@gentoo.org>
+gentoo-sources-2.6.17-r2.ebuild:
Update to Linux 2.6.17.4 for coredump privilege escalation security fix
*gentoo-sources-2.6.16-r12 (06 Jul 2006)
06 Jul 2006; Daniel Drake <dsd@gentoo.org>
+gentoo-sources-2.6.16-r12.ebuild:
Update to Linux 2.6.16.24 for coredump privilege escalation security fix
|
As you can see gentoo-sources-2.6.17-r2 is a stable release but no GLSA has been published.
What is your opinion about this?
Maedhros, Bodhisattva (Joined: 14 Apr 2004; Posts: 5511; Location: Durham, UK)
Posted: Sat Jul 15, 2006 6:02 pm
The bug that's referenced in the changelog (bug 140444) hasn't been closed yet. I think the GLSA will be published when everything that needs to be stabled has been stabled (it affects more than just gentoo-sources, after all).
_________________
No-one's more important than the earthworm.
kallamej, Administrator (Joined: 27 Jun 2003; Posts: 4985; Location: Gothenburg, Sweden)
Posted: Sat Jul 15, 2006 6:27 pm
Gentoo hasn't posted a kernel related GLSA in a very long time. In fact, current policy says not to do so:
To be honest, I'm not sure what the Gentoo KISS system entails.
Edit: This seems to be the latest piece of information I can find about KISS: http://article.gmane.org/gmane.linux.gentoo.security/2787/match=kiss
_________________
Please read our FAQ Forum, it answers many of your questions.
irc: #gentoo-forums on irc.libera.chat
dejima, Tux's lil' helper (Joined: 16 Jul 2004; Posts: 130; Location: Greece)
Posted: Sat Jul 15, 2006 11:33 pm
Thank you for your quick responses.
KISS was something that I was not aware of.
I was just wondering if there is a way to inform users that they are strongly advised to update to the latest kernel so that they are not vulnerable.
memek, n00b (Joined: 16 Jul 2006; Posts: 2)
Posted: Sun Jul 16, 2006 3:29 am
OK,
I've been testing my own kernel...and then woops...rooted! any fix?
Code: |
$uname -an
Linux reinasess 2.6.16-gentoo-r12 #1 SMP Sun Jul 16 13:11:47 GMT 2006 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 1.70GHz GenuineIntel GNU/Linux
$ ./2.6
[+] getting root shell
sh-3.1#id
uid=0(root) gid=0(root) groups=7(lp),10(wheel),18(audio),19(cdrom),100(users)
sh-3.1#
|
My box rooted using latest gentoo-sources kernel...any patch?
kallamej, Administrator (Joined: 27 Jun 2003; Posts: 4985; Location: Gothenburg, Sweden)
Posted: Sun Jul 16, 2006 7:24 am
memek wrote: | My box rooted using latest gentoo-sources kernel...any patch? |
The fix is to upgrade to 2.6.16-r13, or to remount /proc nosuid,noexec, see this thread on the gentoo-dev mailing list.
dejima wrote: | I was just wondering if there is a way to inform users that they are strongly advised to update to the latest kernel so that they are not vulnerable. |
KISS was supposed to be it, but alas, it is not in production yet afaict.
dejima, Tux's lil' helper (Joined: 16 Jul 2004; Posts: 130; Location: Greece)
Posted: Sun Jul 16, 2006 7:36 am
memek wrote: | OK,
I've been testing my own kernel...and then woops...rooted! any fix?
|
You are probably referring to CVE-2006-3626 and not to CVE-2006-2451 since this one was fixed in 2.6.16-gentoo-r12.
memek, n00b (Joined: 16 Jul 2006; Posts: 2)
Posted: Sun Jul 16, 2006 7:46 am
dejima wrote: | memek wrote: | OK,
I've been testing my own kernel...and then woops...rooted! any fix?
|
You are probably referring to CVE-2006-3626 and not to CVE-2006-2451 since this one was fixed in 2.6.16-gentoo-r12. |
Ah I think so...BUT anyway this latest kernel still not patched...I have to take it down..
Code: |
$uname -an
Linux reinasess 2.6.16-gentoo-r13 #1 SMP Sun Jul 16 GMT 17:56:53 2006 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 1.70GHz GenuineIntel GNU/Linux
$ ./2.6
[+] getting root shell
sh-3.1#id
uid=0(root) gid=0(root) groups=7(lp),10(wheel),18(audio),19(cdrom),100(users)
sh-3.1#
|
As you can see I have upgraded fresh install new kernel r13 but still got rooted.....be careful guys...still not patched yet...
kallamej, Administrator (Joined: 27 Jun 2003; Posts: 4985; Location: Gothenburg, Sweden)
Posted: Sun Jul 16, 2006 7:55 am
If the supposedly fixed version still is vulnerable, please post so on the bug mentioned above.
gkmac, Guru (Joined: 19 Jan 2003; Posts: 336; Location: West Sussex, UK)
Posted: Sun Jul 16, 2006 11:54 am
memek, I've seen more than one "root-shell" exploit program that, once run, would chmod itself suid root. That meant that if the kernel was upgraded to fix the vulnerability, the program would still be a root-shell until it was chmodded or deleted.
So once you've upgraded the kernel, chmod 755 the program before trying it again.
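
Added example, not part of any post in this thread: a shell sketch of the two checks the replies above describe, namely whether /proc is mounted with nosuid,noexec (the workaround kallamej mentions) and whether a setuid file is still lying around from an earlier test run (gkmac's point). The function names and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: defensive checks for the two points raised in the thread.
# Function names and the --run switch are illustrative, not from the posts.

# proc_mount_opts FILE
# Print the option string of the last "proc" filesystem mounted on /proc
# in a mounts table (same field layout as /proc/mounts).
proc_mount_opts() {
    awk '$2 == "/proc" && $3 == "proc" { opts = $4 } END { print opts }' "$1"
}

# has_opt OPTS NAME -> exit 0 if NAME is one of the comma-separated OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# proc_is_hardened FILE -> exit 0 only if /proc has both nosuid and noexec
proc_is_hardened() {
    opts=$(proc_mount_opts "$1")
    [ -n "$opts" ] && has_opt "$opts" nosuid && has_opt "$opts" noexec
}

# list_setuid DIR
# List regular files under DIR with the setuid bit set, staying on one
# filesystem. A setuid copy left by an earlier test run shows up here and
# keeps working after the kernel itself has been fixed.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Report against the live system only when asked to: ./check.sh --run [DIR]
if [ "${1:-}" = "--run" ]; then
    if proc_is_hardened /proc/mounts; then
        echo "/proc: nosuid,noexec present"
    else
        echo "/proc: nosuid/noexec missing (opts: $(proc_mount_opts /proc/mounts))"
    fi
    echo "setuid files under ${2:-$HOME}:"
    list_setuid "${2:-$HOME}"
fi
```

Any file `list_setuid` reports in a user-writable directory should be removed or have the bit cleared before the upgraded kernel is retested.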