thr3ads.net - Secure testing team - [Secure-testing-team] Bug#541483: linux-image-2.6.18-6-686-bigmem: root exploit [Aug 2009]

If this information is useful, please help other people find it:
Share via:

Michael Moritz

2009-Aug-14 15:49 UTC

[Secure-testing-team] Bug#541483: linux-image-2.6.18-6-686-bigmem: root exploit

Package: linux-image-2.6.18-6-686-bigmem
Version: 2.6.18.dfsg.1-24etch2
Severity: critical
Tags: security
Justification: root security hole


see

http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html


and the fix

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98


We''ve tested one exploit and it worked (also in 2.6.8)



-- System Information:
Debian Release: 4.0
  APT prefers oldstable
  APT policy: (500, ''oldstable''), (500,
''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages linux-image-2.6.18-6-686-bigmem depends on:
ii  coreutils                    5.97-5.3    The GNU core utilities
ii  debconf [debconf-2.0]        1.5.11etch2 Debian configuration management sy
ii  initramfs-tools [linux-initr 0.85i       tools for generating an initramfs
ii  module-init-tools            3.3-pre4-2  tools for managing Linux kernel mo

Versions of packages linux-image-2.6.18-6-686-bigmem recommends:
ii  libc6-i686                    2.7-18     GNU C Library: Shared libraries [i

Versions of packages linux-image-2.6.18-6-686-bigmem suggests:
ii  grub                        0.97-27etch1 GRand Unified Bootloader
pn  linux-doc-2.6.18            <none>       (no description available)

-- debconf information:
  linux-image-2.6.18-6-686-bigmem/preinst/abort-overwrite-2.6.18-6-686-bigmem:
 
linux-image-2.6.18-6-686-bigmem/preinst/failed-to-move-modules-2.6.18-6-686-bigmem:
  linux-image-2.6.18-6-686-bigmem/preinst/bootloader-initrd-2.6.18-6-686-bigmem:
true
  linux-image-2.6.18-6-686-bigmem/preinst/abort-install-2.6.18-6-686-bigmem:
 
linux-image-2.6.18-6-686-bigmem/postinst/create-kimage-link-2.6.18-6-686-bigmem:
true
  linux-image-2.6.18-6-686-bigmem/postinst/old-initrd-link-2.6.18-6-686-bigmem:
true
 
linux-image-2.6.18-6-686-bigmem/preinst/overwriting-modules-2.6.18-6-686-bigmem:
true
 
linux-image-2.6.18-6-686-bigmem/postinst/old-system-map-link-2.6.18-6-686-bigmem:
true
 
linux-image-2.6.18-6-686-bigmem/postinst/depmod-error-initrd-2.6.18-6-686-bigmem:
false
  linux-image-2.6.18-6-686-bigmem/postinst/bootloader-error-2.6.18-6-686-bigmem:
  shared/kernel-image/really-run-bootloader: true
 
linux-image-2.6.18-6-686-bigmem/prerm/would-invalidate-boot-loader-2.6.18-6-686-bigmem:
true
 
linux-image-2.6.18-6-686-bigmem/postinst/old-dir-initrd-link-2.6.18-6-686-bigmem:
true
 
linux-image-2.6.18-6-686-bigmem/prerm/removing-running-kernel-2.6.18-6-686-bigmem:
true
  linux-image-2.6.18-6-686-bigmem/preinst/lilo-has-ramdisk:
*
linux-image-2.6.18-6-686-bigmem/preinst/already-running-this-2.6.18-6-686-bigmem:
  linux-image-2.6.18-6-686-bigmem/postinst/kimage-is-a-directory:
 
linux-image-2.6.18-6-686-bigmem/postinst/bootloader-test-error-2.6.18-6-686-bigmem:
  linux-image-2.6.18-6-686-bigmem/postinst/depmod-error-2.6.18-6-686-bigmem:
false
  linux-image-2.6.18-6-686-bigmem/preinst/lilo-initrd-2.6.18-6-686-bigmem: true
  linux-image-2.6.18-6-686-bigmem/preinst/initrd-2.6.18-6-686-bigmem:
  linux-image-2.6.18-6-686-bigmem/preinst/elilo-initrd-2.6.18-6-686-bigmem: true

Secure testing team - Aug 2009 - Bug#541483: linux-image-2.6.18-6-686-bigmem: root exploit

[Secure-testing-team] Bug#541483: linux-image-2.6.18-6-686-bigmem: root exploit