WARN: Kernel vuln: MCAST_MSFILTER (2.4.22/2.6.1)
Linux kernel setsockopt MCAST_MSFILTER integer overflow
Reference: http://msgs.securepoint.com/cgi-bin/...q0404/212.html
Bugtraq, iSEC Security Research (Paul Starzetz and Wojciech Purczynski), Apr 21, 05:15

3. Impact

Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges. Unsuccessful exploitation of the vulnerability may lead to a denial-of-service attack causing machine crash or instant reboot.

4. Solution

This bug has been fixed in the 2.4.26 and 2.6.4 kernel releases. All users of vulnerable kernels are advised to upgrade to the latest kernel version. For further information please contact your vendor.
|
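Added example, not part of the original thread or the advisory: a shell check of a kernel release string against the fixed releases quoted above (2.4.26 and 2.6.4). The function name `msfilter_status` and its output labels are made up for this example, and a vendor kernel may carry a backported fix under an older version number, so "below-fixed" means "check with your vendor".

```shell
#!/bin/sh
# Added example: compare a kernel release string (as printed by `uname -r`)
# with the fixed releases named in the advisory: 2.4.26 and 2.6.4.
# Pre-release suffixes (-pre, -rc) are not distinguished from final releases.

# msfilter_status RELEASE
# Prints one of: fixed | below-fixed | other-series | unparsed
msfilter_status() {
    rel=$1
    # Keep only the leading MAJOR.MINOR.PATCH; drop suffixes such as -SMP or -grsec.
    ver=$(printf '%s\n' "$rel" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unparsed
        return 0
    fi
    series=${ver%.*}     # e.g. 2.4
    patch=${ver##*.}     # e.g. 24
    case $series in
        2.4) fixed_patch=26 ;;   # fixed in 2.4.26
        2.6) fixed_patch=4 ;;    # fixed in 2.6.4
        *)
            # The advisory text quoted here only covers the 2.4 and 2.6 series.
            echo other-series
            return 0
            ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then
        echo fixed
    else
        echo below-fixed
    fi
    return 0
}

# Typical use on the machine being checked:
#   msfilter_status "$(uname -r)"
```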
Thanks unSpawn, I now upgraded my kernel.
Noah |
setsockopt MCAST_MSFILTER temporary FIX
For those with valid reasons not to upgrade (are there any?) here's my testlog for the fix as presented on Bugtraq by nolife. Test ran in runlevel 1 as root on a 2.4.24-SMP Grsecurity reinforced kernel, without loading Grsec ACL's or sysctl's.
]# wget "http://sigsegv.cc/setsockopt.c" -O /tmp/setsockoptFIX.c
]# flawfinder /tmp/setsockoptFIX.c
No hits found.
]# vi /tmp/setsockoptFIX.c
]# telinit 1

Note I had to compile like this to have it work:
]# gcc -c -O3 -fomit-frame-pointer -I/lib/modules/$(uname -r)/build/include /tmp/setsockoptFIX.c -o /tmp/setsockoptFIX
]# insmod -v -n /tmp/setsockoptFIX
Using /tmp/setsockoptFIX
Symbol version prefix 'smp_'
]# insmod /tmp/setsockoptFIX
]# lsmod|grep setsockoptFIX
setsockoptFIX 1380 0 (unused)

Using Samhain's excellent kern_check:
]# kern_check /boot/System.map
WARNING: (kernel) 0xe09e7060 != 0xc0310740 (map) [sys_socketcall]
]# mount /tmp -o remount,exec && /tmp/setsockoptPOC
Calling setsockopt(), this should crash the box...
setsockopt exploit halted. abused by uid 0 with process setsockoptPOC
Invalid setsockopt: : No buffer space available
]# setsockopt exploit halted. abused by uid 0 with process setsockoptPOC
|
Is there any patch for SUSE Distro yet?
|
Is there any patch for SUSE Distro yet?
I know reading is hard, but in the initial post it sez: "4. Solution This bug has been fixed in the 2.4.26 and 2.6.4 kernel releases. All users of vulnerable kernels are advised to upgrade to the latest kernel version." |
SuSE finally released a kernel patch that fixes this and some other flaws, vulns as well.
Thanks for your response. |