|
Quote:
If anyone has different findings, let me know. |
I'm not sure if the concept is the real thing, but there is a kernel patch for this exploit on git, I have seen it yesterday.
Just posted because the source web page noted all kernels > 3.8 were affected, I did not test the code that was made public by the author. Seems that debian and some other distros were patched for it recently, and I've seen comments saying grsec prevents this from happening. Thank you for testing this, much appreciated. |
The official Slackware Forum being easily spammed by some (Korean?) junkies can be considered a security vulnerability too, sine-die? :hattip:
|
Wow this is interesting how well they've spammed this forum, I thought my browsers were screwed up.
|
Not just this forum, Linux-Newbie and Linux-Security contains spam posts as well.
|
North Korea hacked us?
I thought that they are Linux friendly, after all, considering that it is their National Operating System... ;) |
Quote:
Also did not work. I took exploit source from here: https://gist.github.com/PerceptionPo...6d1c0f8531ff8f Code:
$ uname -a |
However here is a kernel patch:
https://git.kernel.org/cgit/linux/ke...ccdd9800a540f2 I have run the example in Slackware 14.1 64 bits with kernel 3.10.17 (serie) and 3.10.90 (compiled by me) and according to the example both kernels are malfunctioning. |
Quote:
|
Right now I'm doing it, boss.
|
With Slackware 14.1 64 bits and kernel 3.10.90 the exploit does not succeed in gaining root privileges.
|
Same result with Slackware 14.1 64 bits and kernel 3.10.17: the exploit does not work.
|
Hello, there is a new kernel, v3.10.95 with the patch that reference CVE-2016-0728. There is also other changes related to keyring.
Here is the kernel v3.10.95 ChangeLog: https://cdn.kernel.org/pub/linux/ker...ngeLog-3.10.95 Manuel |
PHP 5.6.17 and 5.5.39 are out which fixes CVE-2016-1903.
|
|
| All times are GMT -5. The time now is 09:53 PM. |