The Evil Code
The Evil Code
Just read the following: http://linuxreviews.org/news/2004-06...ash/index.html If I understand correctly then kernel 2.6.7 should be safe? ****************************************************** ... Patch for 2.6.xx Kernels, x86 and x86_64 Linux kernel 2.6.7 is now released. (2004-06-16 06:02 UTC) * Changelog : ChangeLog-2.6.7 This version is, ofcource, safe. Older versions of the 2.6.x should be patched: ... ******************************************************* I didn't find this already in a post. It would be nice if somebody can confirm that 2.6.7 is safe, then I'll pass on to upgrading my kernel. (I'm still using 2.4.22-xfs so I was considering an upgrade anyway.) Thanks for any advice. rgds, Lieven |
Dunno if 2.6.7 is safe. Please try it out and report back. Thanks for warning. I put it on the homepage and I'll sticky this thread under an appropriate header. For those who can't upgrade immediately I suggest disabling any user access to introduce/make/execute foreign binaries on vulnerable systems.
|
hello again,
I'm a little bit reluctant to go experimenting with upgrading a kernel on my linux fw/rtr at this point as it is crucial for my internet connection. I'm relatively new to that altough I found a good howto on upgrading kernels. (http://linuxreviews.org//howtos/Kernel-Build-HOWTO/) Problem is that this fw/rtr linux box is an old AMD-K6II 300MHz with only 96MB ram and I read that it might take a very long time to compile the kernel on that machine. (+/- 4 hours?) I prefer to setup a fresh linux distro on my work pc. (an AMD 2400XP 1GB ram) and compile the new kernel there and then move it to the old box But currently I'm experiencing some troubles installing a double boot system on the new pc. It has a sata drive and an older ide drive. Lilo is giving me a headache and doesn't show up to give me the choice to start the linux. It seems that I'm unable to write lilo to MBR of this sata drive. (http://www.linuxquestions.org/questi...hreadid=194293) => I'm working to get that fixed asap. As soon as I have the dual boot fixed, I'll compile and install the new kernel so I can test if it's resistant to this bug. Sorry for this delay. Kind regards, Lieven |
Yes, 2.6.7 is immune from this problem.
Linus fixed it in his own source tree a few days ago and was only delayed in releasing it because he was moving. |
thank you! :)
|
I wonder if there is a fix too for the :() { :|: & } ; : bug
just wondering as it doesn't even need compiling |
i don't think kernel 2..7 is safe......do you read the code???
/* -------------------- * frstor Local Kernel exploit * Crashes any kernel from 2.4.18 * to 2.6.7 because frstor in assembler * inline offsets in memory by 4. * Original proof of concept code * by stian_@_nixia.no. * Added some stuff by lorenzo_@_gnu.org * and fixed the fsave line with (*fpubuf). * -------------------- */ this is the head of the code.... this is the link to the code here |
All times are GMT -5. The time now is 02:09 AM. |