[CentOS-devel] heads up: CVE-2008-0600 kernel root exploit
Charlie Brady
charlieb-centos-devel at budge.apana.org.au
Mon Feb 11 16:28:11 UTC 2008
On Sun, 10 Feb 2008, Matthew Miller wrote:

> On Sun, Feb 10, 2008 at 07:17:27PM -0600, Baird, Josh wrote:
>> It actually made my 2.6.18-53.1.4.el5 x86 box panic.
>
> Yeah, me too. So that's arguably less severe, but still no good.

A tweak of the exploit will make it work on x86_64 rather than cause kernel panic (https://bugzilla.redhat.com/show_bug.cgi?id=432251#c23).

Proposed patch is already in upstream bug tracker (https://bugzilla.redhat.com/show_bug.cgi?id=432251#c6)

diff -urN linux-2.6.18.x86_64/fs/splice.c linux-2.6.18.x86_64-fix/fs/splice.c --- linux-2.6.18.x86_64/fs/splice.c 2008-02-10 11:08:19.000000000 -0500 +++ linux-2.6.18.x86_64-fix/fs/splice.c 2008-02-10 11:31:06.000000000 -0500 @@ -1154,6 +1154,9 @@ if (unlikely(!base)) break; + if (unlikely(!access_ok(VERIFY_READ, base, len))) + break; + /* * Get this base offset and number of pages, then map * in the user pages.
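
Review bot: The new access_ok(VERIFY_READ, base, len) test in fs/splice.c leaves the loop with a bare break, just like the !base test above it, and the hunk does not show which error value is in effect at that point. Please confirm that the error variable already holds -EFAULT before these two checks, so a rejected range is reported to the caller as a fault rather than as a short or successful transfer. It would also help to put a one-line comment above the new check stating that base and len describe a user-supplied range that must be validated before the "map in the user pages" step that follows, so the check is not dropped in a later cleanup.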