11/02/2008
vmsplice exploit fix and patching on Debian
Posted by: drax in admin, exploitation, kernel, linux, security
Tags: debian
Some vulnerabilities in the Linux kernel were publicly disclosed on the 8th of February 2008. These can be exploited by any user to gain elevated privileges. A “local root” exploit was published Sunday which allows an arbitrary user to escalate to root privileges.
Affected versions: >= 2.6.17
Fixed in version: 2.6.24.2
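As an added example (not part of the original post), the shell function below classifies a kernel release string against the two bounds listed above. The function name and status strings are made up for illustration, and it compares version numbers only, so a distribution or locally patched kernel inside the range has to be confirmed through its package changelog.

```shell
#!/bin/sh
# Added example, not from the original post. Bounds are the ones quoted above:
# affected >= 2.6.17, fixed in 2.6.24.2 (upstream version numbers).

# vmsplice_status RELEASE  ->  prints one of:
#   before-range       older than 2.6.17
#   in-range           plain upstream version inside the affected range
#   in-range-packaged  same, but with a distro/local suffix such as -6-686:
#                      the number cannot show whether a fix was backported
#   fixed-upstream     2.6.24.2 or newer
#   unknown            release string could not be parsed
vmsplice_status() {
    printf '%s\n' "$1" | awk '
    {
        packaged = ($0 ~ /[-+]/)          # suffix added by a distro or make-kpkg
        sub(/[-+].*/, "")                 # keep only the dotted upstream part
        if ($0 !~ /^[0-9]+(\.[0-9]+)+$/) { print "unknown"; exit }
        split($0, v, ".")                 # missing fields count as 0
        key   = ((v[1] * 1000 + v[2]) * 1000 + v[3]) * 1000 + v[4]
        first = 2006017000                # 2.6.17
        fixed = 2006024002                # 2.6.24.2
        if (key < first)       print "before-range"
        else if (key >= fixed) print "fixed-upstream"
        else if (packaged)     print "in-range-packaged"
        else                   print "in-range"
    }'
}

# Classify the running kernel.
vmsplice_status "$(uname -r)"
```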
Fix
You can download the vmsplice patch locally or from the official LKML thread: [PATCH] vmsplice exploit fix
Patching on Debian Etch
Update 12/02/08: Debian repositories have been updated and contain patched kernels. If you’re using a stock kernel, the following two commands should sort you out (providing you reboot afterwards).
    aptitude update
    aptitude upgrade
Install kernel sources
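    # Release string of the running kernel, e.g. 2.6.18-6-686 on a stock Etch kernel
    export KVER=`uname -r`
    # Debian names the source package after the upstream version only (linux-source-2.6.18)
    export SRCVER=${KVER%%-*}
    aptitude update
    aptitude install linux-source-${SRCVER}
    cd /usr/src
    tar -xjf linux-source-${SRCVER}.tar.bz2
    ln -s linux-source-${SRCVER} linux
    cd linux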
Patch kernel sources
    # Run from /usr/src/linux with vmsplice.patch copied into that directory
    patch -p1 < vmsplice.patch
Compile kernel and install
You’ll want to copy your existing kernel configuration.
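    # Reuse the running kernel's configuration
    cp /boot/config-${KVER} .config
    make-kpkg clean
    # Build a .deb with an initrd and a custom version suffix
    make-kpkg --initrd --append-to-version=-mykernelname kernel_image
    cd ..
    # make-kpkg names the package after the source tree version; adjust the file name if it differs from ${KVER}
    dpkg -i linux-image-${KVER}-mykernelname_${KVER}-mykernelname-10.00.Custom_i386.deb
    reboot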
References
- http://www.isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465246
- http://milw0rm.com/exploits/5092
- http://milw0rm.com/exploits/5093

February 12th, 2008 at 3:18 pm
Patching the kernel is not necessary, because fixed kernels already are in the Debian repository. Of course, if you are building your own kernel then it’s a different issue.
If you are using standard stock Debian kernels then just do
# apt-get update
# apt-get upgrade
February 12th, 2008 at 8:16 pm
They weren’t at the time of posting.
Thanks for the remark, I’ll update the post.
February 15th, 2008 at 8:00 pm
No, just upgrading Debian did not do the trick for me. I was using Debian Etch with a 2.6.17.4 kernel.
February 15th, 2008 at 8:01 pm
[...] For those who would like to install their own kernel and patch it, follow DrAx's tutorial on his (excellent) blog: vmsplice-exploit-fix-and-patching-on-debian [...]
February 16th, 2008 at 12:38 am
Yes but you weren’t using a stock kernel were you?
February 17th, 2008 at 12:56 pm
I don’t remember, maybe a special kernel from dedibox.fr
February 17th, 2008 at 6:21 pm
Now I’m using the 2.6.18-6-686 stock kernel and the kernel is patched.
February 19th, 2008 at 1:31 am
Glad to hear that.
Bear in mind this patch was only a quick fix while waiting for Debian and other Linux distributions to update their repositories.
This seems to be the case so people should just update the way they usually do.