Russell McOrmond
2008-Feb-12 17:59 UTC
[Fedora-xen] Xen packages for Vulnerability to CVE-2008-0600
I suspect people are tracking this, and want to know about the process of the xen kernels.

https://bugzilla.redhat.com/show_bug.cgi?id=432517

I tested right away, and the exploit works under Xen.

-- 
Russell McOrmond, Internet Consultant: <http://www.flora.ca/>
Please help us tell the Canadian Parliament to protect our property rights as owners of Information Technology. Sign the petition! http://www.digital-copyright.ca/petition/ict/
"The government, lobbied by legacy copyright holders and hardware manufacturers, can pry my camcorder, computer, home theatre, or portable media player from my cold dead hands!"
Asrai khn
2008-Feb-12 18:09 UTC
Re: [Fedora-xen] Xen packages for Vulnerability to CVE-2008-0600
On Feb 12, 2008 10:59 PM, Russell McOrmond <russell@flora.ca> wrote:
>
> I suspect people are tracking this, and want to know about the
> process of the xen kernels.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=432517
>
> I tested right away, and the exploit works under Xen.
>

where to find the 'exploit' ? :)

thanks
Daniel P. Berrange
2008-Feb-12 18:15 UTC
Re: [Fedora-xen] Xen packages for Vulnerability to CVE-2008-0600
On Tue, Feb 12, 2008 at 11:09:17PM +0500, Asrai khn wrote:
> On Feb 12, 2008 10:59 PM, Russell McOrmond <russell@flora.ca> wrote:
> >
> > I suspect people are tracking this, and want to know about the
> > process of the xen kernels.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=432517
> >
> > I tested right away, and the exploit works under Xen.
> >
>
> where to find the 'exploit' ? :)

http://justfuckinggoogleit.com/

Dan
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|
Asrai khn
2008-Feb-12 18:26 UTC
Re: [Fedora-xen] Xen packages for Vulnerability to CVE-2008-0600
On Feb 12, 2008 11:15 PM, Daniel P. Berrange <berrange@redhat.com> wrote:
> http://justfuckinggoogleit.com/
>

wow got it from http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c

gcc -o exploit 27704.c
./exploit

gimme at 2.6.21-2952.fc8xen (didn't get root shell)

Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ef4000 .. 0xb7f26000
Segmentation fault
[asraikhn@xxxx ~]$

Message from syslogd@xxxx at Feb 12 18:21:48 ...
kernel: Oops: 0000 [#1]
kernel: SMP
kernel: CPU: 0
kernel: EIP: 0061:[<080487f5>] Not tainted VLI
kernel: EFLAGS: 00210293 (2.6.21-2952.fc8xen #1)
kernel: EIP is at 0x80487f5
kernel: eax: e9000003 ebx: 00000004 ecx: 00000000 edx: 00004000
kernel: esi: c3c79f8c edi: ffffffe0 ebp: c3c79e70 esp: c3c79e5c
kernel: ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0069
kernel: Process exploit (pid: 26415, ti=c3c79000 task=c14217d0 task.ti=c3c79000)
kernel: Stack: 0000000d 00000000 e9000003 e9000003 00000004 00000001 c1058163 c108adbd
kernel:        00000000 00000000 00000000 00000000 00000030 00000030 bfe230b8 c108b9e7
kernel:        ffffffd0 00000000 00000000 c3c79f4c 00000000 c3c7a00c c181b120 c039ba00
kernel: Call Trace:
kernel: [<c1058163>] put_compound_page+0x13/0x14
kernel: [<c108adbd>] splice_to_pipe+0x1c7/0x1d6
kernel: [<c108b9e7>] sys_vmsplice+0x262/0x28b
kernel: ======================
kernel: Code: Bad EIP value.
kernel: EIP: [<080487f5>] 0x80487f5 SS:ESP 0069:c3c79e5c

regards
Asrai khn
2008-Feb-12 18:40 UTC
Re: [Fedora-xen] Xen packages for Vulnerability to CVE-2008-0600
On Feb 12, 2008 11:26 PM, Asrai khn <asraikhn@gmail.com> wrote:
>
> gcc -o exploit 27704.c
> ./exploit
>
> gimme at 2.6.21-2952.fc8xen (didn't get root shell)
>

Didn't give a root shell on kernels 2.6.23 (custom build) which we are running for UML.

regards
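The thread above tries the public exploit against two kernels (a 2.6.21-based Fedora 8 xen kernel and a custom 2.6.23) and reads a crash as "not vulnerable". An added example follows, not code from the thread or from any of the posters: a small POSIX sh check that classifies a kernel release string against the upstream range affected by CVE-2008-0600 (vmsplice() appeared in 2.6.17; the upstream fix shipped in 2.6.24.2). Assumptions: the helper names kver_num and cve_2008_0600_status are mine, the sample release strings are constructed (the two from the thread plus three made-up ones), and the check deliberately ignores stable-branch and distribution backports, so it errs toward "affected". A version-range hit means "verify against the vendor advisory and the package build", not "exploitable"; equally, the oops on 2.6.21-2952.fc8xen above shows the exploit failing, not the bug being absent.

```shell
#!/bin/sh
# Added example (not from the thread): classify a kernel release string
# against the upstream range affected by CVE-2008-0600 (missing access_ok()
# checks in vmsplice()). Affected upstream: 2.6.17 <= version < 2.6.24.2.
# Assumption: backported fixes (stable branches, vendor kernels) are not
# detectable from the version number, so this check errs toward "affected".

# kver_num: map "2.6.24.1-foo" to one comparable integer
# (major*1e8 + minor*1e5 + patch*100 + sub). The "-release" suffix is
# dropped first; a missing patch or sub level counts as 0.
kver_num() {
  v=${1%%-*}
  printf '%s\n' "$v" |
    awk -F. '{ printf "%d", $1*100000000 + $2*100000 + $3*100 + $4 }'
}

# cve_2008_0600_status: print not-affected, affected, or fixed.
cve_2008_0600_status() {
  n=$(kver_num "$1")
  lo=$(kver_num 2.6.17)    # first release with vmsplice()
  hi=$(kver_num 2.6.24.2)  # first upstream release with the fix
  if [ "$n" -lt "$lo" ]; then
    echo not-affected
  elif [ "$n" -lt "$hi" ]; then
    echo affected
  else
    echo fixed
  fi
}

# Constructed sample release strings: the two from this thread plus three
# made-up ones around the range boundaries.
for k in 2.6.21-2952.fc8xen 2.6.23 2.6.16.60 2.6.24.1 2.6.24.2; do
  printf '%-22s %s\n' "$k" "$(cve_2008_0600_status "$k")"
done

# The kernel this script is running on.
running=$(uname -r)
printf '%-22s %s\n' "$running" "$(cve_2008_0600_status "$running")"
```

Both kernels from the thread land in the affected range, which is the point: a crash instead of a root shell says nothing about whether the missing check is present, and a distribution kernel that keeps its 2.6.21 base version after the fix is backported would still be flagged here. Use the output as a prompt to check the advisory and package build, not as a verdict.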