# Local root exploit for all 2.4 and 2.6 kernels

## NightMonkey

Saw it on Bugtraq, now it's on Slashdot:

http://isec.pl/vulnerabilities/isec-0021-uselib.txt

Included code only compiles on 2.4 and gcc 3.2.*.

OK, so now, if nobody logs in, nobody gets hurt  :Wink: . Oops, "nobody" can exploit this too  :Sad:  ...

----------

## nielchiano

 *NightMonkey wrote:*   

> Included code only compiles on 2.4 and gcc 3.2.*.

 

I can confirm that. Just tried it on my 2.6.7-gentoo-r11. Compiles great, but fails to "allocate memory".

This DOES NOT MEAN that 2.6.* is free of this vulnerability; just the Proof-of-Concept code doesn't work for it...

----------

## NightMonkey

 *nielchiano wrote:*   

>  *NightMonkey wrote:*   Included code only compiles on 2.4 and gcc 3.2.*. 
> 
> I can confirm that. Just tried it on my 2.6.7-gentoo-r11. Compiles great, but fails to "allocate memory".
> 
> This DOES NOT MEAN that 2.6.* is free of this vulnerability; just the Proof-of-Concept code doesn't work for it...

 

Hey, I hope that some super-ultra-mega-guru comes through with a valid test for the 2.6-series kernels and gcc 3.4!

----------

## gen2fox

Read that on /. a couple of minutes ago...

Even if nobody manages to come up with 2.6 code, many servers are still running 2.4, so it is an issue for many of us.

Hope a patch comes out soon.

----------

## didl

The grsec team has posted a set of cumulative patches that should fix this as far as I can tell.

http://www.grsecurity.net/download.php

----------

## zerojay

2.6.10-gentoo-dev-sources-r3 has the fix for this vulnerability.

----------

## nielchiano

 *DarkStalker wrote:*   

> 2.6.10-gentoo-dev-sources-r3 has the fix for this vulnerability.

 

Hmm, if you're really concerned about security you should try out hardened-dev-2.6.*

Is that series already patched?

----------

## zerojay

 *nielchiano wrote:*   

>  *DarkStalker wrote:*   2.6.10-gentoo-dev-sources-r3 has the fix for this vulnerability. 
> 
> Hmm, if you're really concerned about security you should try out hardened-dev-2.6.*
> 
> Is that series already patched?

 

I used Gentoo Hardened for the past two months and got tired of not being able to compile programs that I need.

----------

## nielchiano

 *DarkStalker wrote:*   

> I used Gentoo Hardened for the past two months and got tired of not being able to compile programs that I need.

 

explain...

I don't think hardened-kernel prevents you from compiling programs; it restricts possible dangerous code-executions.

----------

## zerojay

 *nielchiano wrote:*   

>  *DarkStalker wrote:*   I used Gentoo Hardened for the past two months and got tired of not being able to compile programs that I need. 
> 
> explain...
> 
> I don't think hardened-kernel prevents you from compiling programs; it restricts possible dangerous code-executions.

 

You obviously haven't been using Gentoo Hardened then. Several of the changes made to GCC prevent certain programs from compiling and while the hardened guys are great people, if I asked them about stuff like this, they would just shrug their shoulders and say "I dunno". Even if the programs compile, it's no guarantee that they'll work, which also happened on a somewhat frequent basis.

----------

## nielchiano

 *DarkStalker wrote:*   

> You obviously haven't been using Gentoo Hardened then.

 

almost true; I'm playing a bit around with it on my server machine; till now no problems with it. But I don't need to compile programs on it (outside of portage), so that might also explain it.

 *DarkStalker wrote:*   

> Even if the programs compile, it's no guarantee that they'll work, which also happened on a somewhat frequent basis.

 

I'm just starting off in this matter, so forgive me my noob-ness: I read that the kernel will only kill a program if it violates some of the rules (execute writable memory, etc...) not just every program...

----------

## zerojay

 *nielchiano wrote:*   

>  *DarkStalker wrote:*   You obviously haven't been using Gentoo Hardened then. 
> 
> almost true; I'm playing a bit around with it on my server machine; till now no problems with it. But I don't need to compile programs on it (outside of portage), so that might also explain it.
> 
>  *DarkStalker wrote:*   Even if the programs compile, it's no guarantee that they'll work, which also happened on a somewhat frequent basis. 
> ...

 

I'm not talking about compiling programs outside of portage at all. I'm talking about ebuilds in portage that exhibit errors causing the ebuild to fail that are specific to Gentoo Hardened. I never said anything about the kernel killing any programs. I'm talking about programs simply not functioning correctly at runtime.

----------

## didl

 *DarkStalker wrote:*   

> I used Gentoo Hardened for the past two months and got tired of not being able to compile programs that I need.

 

I have been using the hardened toolchain and hardened-dev-sources for more than half a year now and there was only a single program (xemacs) that would not compile initially, but even this one was fairly simple to fix. Otherwise the hardened toolchain is running like a charm. I am very happy with it.

----------

## nielchiano

 *DarkStalker wrote:*   

> I'm talking about programs simply not functioning correctly at runtime.

 

Like which programs? apache? proftpd? sshd?

or more "fancy" things like X, KDE, Gnome, OpenOffice.org, ...?

----------

## zerojay

 *didl wrote:*   

>  *DarkStalker wrote:*   
> 
> I used Gentoo Hardened for the past two months and got tired of not being able to compile programs that I need. 
> 
> I have been using the hardened toolchain and hardened-dev-sources
> ...

 

I'd be happy with it too if I could have been able to use what I needed.

----------

## zerojay

 *nielchiano wrote:*   

>  *DarkStalker wrote:*   I'm talking about programs simply not functioning correctly at runtime. 
> 
> Like which programs? apache? proftpd? sshd?
> 
> or more "fancy" things like X, KDE, Gnome, OpenOffice.org, ...?

 

I had X and KDE working just fine, it's just some of the support stuff needed by other programs.. stuff like callgrind wouldn't compile and stuff like xine_lib would crash when playing a certain video type, etc. I guess the lack of people working on Hardened doesn't help either. I'll probably give hardened another shot in a few months because I really believe in the project and like what they've done with selinux, pax and grsecurity. I just wish that things I need would work with it.

----------

## imp

DarkStalker:

You are talking about Hardened Gentoo distro, right? I think there is a bit of misunderstanding here: the others seem to talk about hardened-sources, not the (entire) Hardened Gentoo, which has patched GCC among other things.

----------

## zerojay

Yes, I am talking about the Gentoo Hardened distro because if I meant it was a hardened-dev-sources problem, I would have mentioned it.

Edit: That sounds a lot harsher than I meant it. Thanks for trying to unravel the confusion.

----------

## Frozen Flame

I got gentoo-dev-sources 2.6.9-r10 on my router (with a few buddy accounts). I'm not concerned about my buds, but is my kernel exploitable?

If it is, could someone suggest a good alternative, hardened perhaps?

----------

## nielchiano

 *Frozen Flame wrote:*   

> I got gentoo-dev-sources 2.6.9-r10 on my router (with a few buddy accounts). I'm not concerned about my buds, but is my kernel exploitable?
> 
> If it is, could someone suggest a good alternative, hardened perhaps?

 

Maybe read the post first:

 *DarkStalker wrote:*   

> 2.6.10-gentoo-dev-sources-r3 has the fix for this vulnerability.

 

----------

## amne

 *DarkStalker wrote:*   

> 2.6.10-gentoo-dev-sources-r3 has the fix for this vulnerability.

 

Some more are in -r4:

 *Quote:*   

> *gentoo-dev-sources-2.6.10-r4 (09 Jan 2005)
> 
>   09 Jan 2005; Daniel Drake <dsd@gentoo.org>
> 
>   +gentoo-dev-sources-2.6.10-r4.ebuild:
> ...

 

----------

## NightMonkey

 *amne wrote:*   

>  *DarkStalker wrote:*   2.6.10-gentoo-dev-sources-r3 has the fix for this vulnerability. 
> 
> Some more are in -r4:
> 
>  *Quote:*   *gentoo-dev-sources-2.6.10-r4 (09 Jan 2005)
> ...

 

Had a strange issue with vesa-tng on my AMD SMP box w/ nvidia GPU, but after switching to vesafb, things seem to be working well. No errors on dmesg. Same on PIII laptop. Yay!

----------

