LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 02-03-2014, 07:48 AM   #46
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled

Where do I put the nox32recvmmsg module, so that it's loaded permanently (survives reboot, etc) in /lib/modules/3.10.17? Which subdirectory?
EDIT
Doesn't seem to work.
Module loaded:
Code:
bash-4.2$ lsmod
Module                  Size  Used by
nox32recvmmsg           1201  1
Ran .poc:
Code:
bash-4.2$ ./slack64-14.1_CVE-2014-0038_poc 
13 minutes to root
................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ praise bob!


The Golden Rule is of no use to you whatever unless you realize it
is your move.
                -- Frank Crane

root@slackdesk:~/temp#

Last edited by brianL; 02-03-2014 at 08:30 AM.
 
Old 02-03-2014, 11:55 AM   #47
mancha
Member
 
Registered: Aug 2012
Posts: 362

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by brianL View Post
Where do I put the nox32recvmmsg module, so that it's loaded permanently (survives reboot, etc) in /lib/modules/3.10.17? Which subdirectory?
To have the module load on boot, do the following:

Code:
# mkdir -p /lib/modules/$(uname -r)/misc
# cp nox32recvmmsg.ko /lib/modules/$(uname -r)/misc
# depmod -a
Then place an insmod (or modprobe) call in /etc/rc.d/rc.local or /etc/rc.d/rc.modules. i.e.

Code:
# echo "/sbin/modprobe nox32recvmmsg" >> /etc/rc.d/rc.local
Quote:
Originally Posted by brianL
EDIT
Doesn't seem to work.
Did you try the PoC first, then load the module, then try the PoC again by chance?

To be protected you must load the module on an untainted kernel. Reboot, insmod, and you should be OK. If that doesn't work let me know.

--mancha
 
2 members found this post helpful.
Old 02-03-2014, 11:57 AM   #48
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled
Thanks, mancha. I'll do all you suggest.
 
Old 02-03-2014, 11:59 AM   #49
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,526

Rep: Reputation: Disabled
It looks like it does work, because you are root at the bottom, by the # sign.
 
Old 02-03-2014, 12:04 PM   #50
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled
Quote:
Originally Posted by metaschima View Post
It looks like it does work, because you are root at the bottom, by the # sign.
mancha's module is to prevent that happening.
 
Old 02-03-2014, 12:36 PM   #51
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled
I think I've done everything right, the module is loaded, but I'm still getting:
Code:
bash-4.2$ cd temp
bash-4.2$ ./slack64-14.1_CVE-2014-0038_poc 
13 minutes to root
................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ praise bob!


If you can't say anything good about someone, sit right here by me.
                -- Alice Roosevelt Longworth

root@slackdesk:~/temp#
 
Old 02-03-2014, 01:33 PM   #52
mancha
Member
 
Registered: Aug 2012
Posts: 362

Original Poster
Rep: Reputation: Disabled
OK, I think I know what is going on. Is there an "unable to handle kernel paging request" after the module is loaded (check /var/log/syslog).

If this is the case, I have uploaded a new module that accounts for protected-mode CPUs.

Please download and try it (note: it might take a minute or two to propagate to the SF servers). Check against hash below.

SHA256(nox32recvmmsg.tar.bz2)= 8c822d55a0a45f0fa994c73921701e2bb035bdaeb169c2355ed8d767414c4f73

--mancha
 
1 members found this post helpful.
Old 02-03-2014, 01:47 PM   #53
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled
No, there's nothing in /var/log/syslog. I'll try the new module after I've eaten (never load modules on an empty stomach. ).
 
Old 02-03-2014, 02:31 PM   #54
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled
Yes!!! The new module works:
Code:
bash-4.2$ cd temp
bash-4.2$ ./slack64-14.1_CVE-2014-0038_poc 
13 minutes to root
 doh!
bash-4.2$
Thanks, mancha.
 
Old 02-03-2014, 02:50 PM   #55
mancha
Member
 
Registered: Aug 2012
Posts: 362

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by brianL View Post
Yes!!! The new module works...Thanks, mancha.
You're welcome and thanks back to you for making me realize/remember I needed to deal with CR0.

--mancha

Last edited by mancha; 02-04-2014 at 11:51 AM. Reason: don't quote smiley
 
Old 02-05-2014, 02:16 PM   #56
mancha
Member
 
Registered: Aug 2012
Posts: 362

Original Poster
Rep: Reputation: Disabled
Update 20140205
  1. Mozilla various
    Firefox 27 (for current)
    Firefox ESR 24.3
    Thunderbird 24.3
    Seamonkey 2.24

    Fixed:
    CVE-2014-1477 CVE-2014-1478 CVE-2014-1479
    CVE-2014-1480 CVE-2014-1481 CVE-2014-1482
    CVE-2014-1483 CVE-2014-1484 CVE-2014-1485
    CVE-2014-1486 CVE-2014-1487 CVE-2014-1488
    CVE-2014-1489 CVE-2014-1490 CVE-2014-1491
--mancha
 
1 members found this post helpful.
Old 02-05-2014, 04:22 PM   #57
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,500

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
Quote:
Originally Posted by mancha View Post
  1. Mozilla various
    Firefox 27 (for current)
    Firefox ESR 24.3
    Thunderbird 24.3
    Seamonkey 2.24
I was thinking that when one or more vulns hit the mozilla suite, to build the three on 12 different Slackware versions (13.0, 13.1, 13.37, 14.0, 14.1 and current, for i486 and x86_64) it's surely time-consuming...
 
Old 02-05-2014, 04:39 PM   #58
mancha
Member
 
Registered: Aug 2012
Posts: 362

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ponce View Post
I was thinking that when one or more vulns hit the mozilla suite, to build the three on 12 different Slackware versions (13.0, 13.1, 13.37, 14.0, 14.1 and current, for i486 and x86_64) it's surely time-consuming...
Surely serves as a good RAM/CPU stress tester. The good news for Pat is I think he's only updating FF and Tbird for 14.1+current and
Seamonkey for 14.0+14.1+current (right?).

--mancha
 
Old 02-06-2014, 06:04 AM   #59
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,139
Blog Entries: 52

Rep: Reputation: Disabled
Got FF 27.0 using ruario's latest-firefox script.
 
Old 02-06-2014, 09:36 AM   #60
angryfirelord
Member
 
Registered: Dec 2005
Posts: 502

Rep: Reputation: 60
I apologize if this is slightly off topic and/or has been asked before, but is there a risk with running the 3.10.17 kernel when the latest upstream longterm release is 3.10.28? Are most of the fixes simply bug fixes or do the kernel security patches not really affect Slackware?
 
  


Reply

Tags
exploit, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Slackware Security]: Some pending vulnerabilities... mancha Slackware 7 08-22-2013 10:08 AM


All times are GMT -5. The time now is 11:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration