11
02
2008
vmsplice exploit fix and patching on Debian
Posted by: drax in admin, exploitation, kernel, linux, securityTags: debian
Some vulnerabilities in the Linux kernel where publicly disclosed on the 8th of February 2008. These can be exploited by any user to gain elevated privileges. A “local root” exploit was published Sunday which allows an arbitrary user to escalate to root privileges.
Affected versions: >= 2.6.17
Fixed in version: 2.6.24.2
Fix
You can download the vmsplice patch locally or from the official LKML thread: [PATCH] vmsplice exploit fix
Patching on Debian Etch
Update 12/02/08: Debian repositories have been updated and contain patched kernels. If you’re using a stock kernel, the following two commands should sort you out (providing you reboot afterwards).
1 2 | aptitude update aptitude upgrade |
Install kernel sources
1 2 3 4 5 6 7 | export KVER=`uname -r` aptitude update aptitude install linux-source-${KVER} cd /usr/src tar -xjf linux-source-${KVER}.tar.bz2 ln -s linux-source-${KVER} linux cd linux |
Patch kernel sources
1 | patch < vmsplice.patch -p1 |
Compile kernel and install
You’ll want to copy your existing kernel configuration.
1 2 3 4 5 6 | cp /boot/config-${KVER} .config make-kpkg clean make-kpkg --initrd --append-to-version=-mykernelname kernel_image cd .. dpkg -i linux-image-${KVER}-mykernelname_${KVER}-mykernelname-10.00.Custom_i386.deb reboot |
References
- http://www.isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465246
- http://milw0rm.com/exploits/5092
- http://milw0rm.com/exploits/5093
February 12th, 2008 at 3:18 pm
Patching the kernel is not necessary, because fixed kernels already are in the Debian repository . Ofcourse if you are building your own kernel then it’s different issue.
If you are using standard stock Debian kernel’s then just do
# apt-get update
# apt-get upgrade
February 12th, 2008 at 8:16 pm
They weren’t at the time of posting
Thanks for the remark, I’ll update the post.
February 15th, 2008 at 8:00 pm
No, just upgrading debian did no do the trick for me. I was using debian etch with a 2.6.17.4 kernel
February 15th, 2008 at 8:01 pm
[...] Pour ceux qui souhaiterait installer leur propre kernel et le patcher, suivez le tuto de DrAx sur son (excellent) blog : vmsplice-exploit-fix-and-patching-on-debian [...]
February 16th, 2008 at 12:38 am
Yes but you weren’t using a stock kernel were you?
February 17th, 2008 at 12:56 pm
i dont remember, maybe a special kernel from dedibox.fr
February 17th, 2008 at 6:21 pm
now im using 2.6.18-6-686 stock kernel and the kernel is patched
February 19th, 2008 at 1:31 am
Glad to hear that.
Bare in mind this patch was only a quick fix while waiting for debian and other linux distributions to update their repositories.
This seems to be the case so people should just update the way they usually do.