[CentOS-devel] heads up: CVE-2008-0600 kernel root exploit
Charlie Brady
charlieb-centos-devel at budge.apana.org.au
Mon Feb 11 16:28:11 UTC 2008
On Sun, 10 Feb 2008, Matthew Miller wrote:
> On Sun, Feb 10, 2008 at 07:17:27PM -0600, Baird, Josh wrote:
>> It actually made my 2.6.18-53.1.4.el5 x86 box panic.
>
> Yeah, me too. So that's arguably less severe, but still no good.
A tweak of the exploit will make it work on x86_64 rather than cause
kernel panic (https://bugzilla.redhat.com/show_bug.cgi?id=432251#c23).
Proposed patch is already in upstream bug tracker
(https://bugzilla.redhat.com/show_bug.cgi?id=432251#c6)
diff -urN linux-2.6.18.x86_64/fs/splice.c linux-2.6.18.x86_64-fix/fs/splice.c
--- linux-2.6.18.x86_64/fs/splice.c 2008-02-10 11:08:19.000000000 -0500
+++ linux-2.6.18.x86_64-fix/fs/splice.c 2008-02-10 11:31:06.000000000 -0500
@@ -1154,6 +1154,9 @@
if (unlikely(!base))
break;
+ if (unlikely(!access_ok(VERIFY_READ, base, len)))
+ break;
+
/*
* Get this base offset and number of pages, then map
* in the user pages.
More information about the CentOS-devel
mailing list