toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Thu Dec 08, 2016 10:19 am Post subject: doesn't work: CVE-2016-8655 Linux af_packet.c race condition |
|
|
Hi,
On my system I can't get that exploit (http://seclists.org/oss-sec/2016/q4/621) to succeed under a vanilla kernel 4.9-rc7 (and even less so under hardened). I always get:
Code: |
linux AF_PACKET race condition exploit by rebel
i have no offsets for this kernel version..
kernel version: 4.9.0-rc7 #1 SMP Thu Dec 8 10:19:36 CET 2016
|
Are there any other preconditions I have to meet? |
|
|
Apheus Guru
Joined: 12 Jul 2008 Posts: 422
|
Posted: Thu Dec 08, 2016 10:26 am Post subject: |
|
|
From the source:
Code: |
struct offset offsets[] = {
{"4.4.0-46-generic #67~14.04.1",0xffffffff810842f0,0xffffffff81e4b100,0xffffffff81274580,0xffffffff8106b880},
{"4.4.0-47-generic #68~14.04.1",0,0,0,0},
{"4.2.0-41-generic #48",0xffffffff81083470,0xffffffff81e48920,0xffffffff812775c0,0xffffffff8106c680},
{"4.8.0-22-generic #24",0xffffffff8108ab70,0xffffffff81e47880,0xffffffff812b34b0,0xffffffff8106f0d0},
...
|
These are necessary data, different for every kernel, and have only been collected for Ubuntu kernels. You would have to find the offsets for a given custom kernel. I would also like to know how this can be done.
_________________
My phrenologist says I'm stupid. |
|
|
kernelOfTruth Watchman
Joined: 20 Dec 2005 Posts: 6111 Location: Vienna, Austria; Germany; hello world :)
|
|
|
derk Guru
Joined: 10 Mar 2003 Posts: 347 Location: St Thomas Ontario
|
Posted: Tue Dec 27, 2016 11:58 am Post subject: |
|
|
Doesn't the 4.9.0 kernel have the fix patch in place? Or is this rc before the patch (Dec 2, 2016) release? |
|