Passes it's-not-crying-wolf test

lagagnon

Re: Passes it's-not-crying-wolf test

Post by lagagnon »

The above security threat relates to "sockets" and enterprise-class servers. As the vast majority of users here are personal workstation users with no ports open other than those absolutely necessary I don't think this is anything we should generally be concerned about.
moodywoody

Re: Passes it's-not-crying-wolf test

Post by moodywoody »

lagagnon wrote: The above security threat relates to "sockets" and enterprise-class servers. As the vast majority of users here are personal workstation users with no ports open other than those absolutely necessary I don't think this is anything we should generally be concerned about.
While I agree that most users shouldn't be concerned about this, the vulnerability "affects all 2.4 and 2.6 kernels since 2001 on all architectures."

Source
DrHu

Re: Passes it's-not-crying-wolf test

Post by DrHu »

aged hippy wrote: Which is why I posted it, along with the "Worth being aware of" comment. :)
http://blog.cr0.org/2009/06/bypassing-l ... inter.html
--some explanation of the exploit available..

However, I think it will likely be addressed in the next Linux kernel 2.6.3x, if they think it is serious enough of an issue
--it is not so strange that there is more than one entry door, whether applications on the desktop or as part of the default install or the kernel(s) themselves..

Remotely ..
  • In the realm of userland applications, exploiting them usually requires being able to somehow control the target's allocations until you get page zero mapped, and this can be very hard.
Locally exploiting..
  • Desktop Linux machines by default: pulseaudio. pulseaudio will drop privileges and let you specify a library to load through its -L argument. Exactly what we needed!

    Once we have one page mapped in the forbidden area, it's game over. Nothing will prevent us from using mremap to grow the area and mprotect to change our access rights to PROT_READ|PROT_WRITE|PROT_EXEC. So this completely bypasses the Linux kernel's protection.
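The "Linux kernel's protection" the quoted excerpt says is bypassed is the vm.mmap_min_addr sysctl, which refuses to map the lowest pages of user space so that a kernel NULL pointer dereference cannot land on attacker-controlled memory. The script below is an added example, not code from this thread or from the cr0 blog; it reads that sysctl and reports whether it is disabled, set below a constructed 64 KiB policy floor, or in effect. The file name used in the last guard is an assumption.

```shell
#!/bin/sh
# Added example: report the state of vm.mmap_min_addr, the kernel-side
# mitigation against exploiting NULL pointer dereferences via a page-zero
# mapping. Assumption: this is the protection the quoted excerpt refers to.

MIN_ADDR_FILE=/proc/sys/vm/mmap_min_addr
POLICY_MIN=65536   # constructed policy floor: 64 KiB, the usual distro default

# classify_mmap_min_addr VALUE -> prints "disabled", "weak", "ok" or "invalid"
classify_mmap_min_addr() {
    value=$1
    case "$value" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$value" -eq 0 ]; then
        echo "disabled"          # page zero is mappable by any local user
    elif [ "$value" -lt "$POLICY_MIN" ]; then
        echo "weak"              # set, but below the policy floor
    else
        echo "ok"
    fi
}

# check_host reads the live sysctl and prints a one-line verdict.
# Returns 0 when the setting meets policy, 1 when it does not, 2 when unknown.
check_host() {
    if [ ! -r "$MIN_ADDR_FILE" ]; then
        echo "$MIN_ADDR_FILE not readable; cannot assess (non-Linux or restricted /proc)"
        return 2
    fi
    current=$(cat "$MIN_ADDR_FILE")
    verdict=$(classify_mmap_min_addr "$current")
    echo "vm.mmap_min_addr=$current -> $verdict"
    case "$verdict" in
        ok) return 0 ;;
        *)  return 1 ;;
    esac
}

# Run the live check only when executed directly (assumed file name), so the
# functions can also be sourced from another script.
if [ "${0##*/}" = "check_mmap_min_addr.sh" ]; then
    check_host
fi
```

Run it as `sh check_mmap_min_addr.sh` on a Linux host, or source it and call `check_host` from a larger audit script. The sysctl is necessary but not sufficient: the excerpt above describes how a privileged helper such as pulseaudio could be used to get a page mapped in the forbidden area on affected kernels regardless of this setting, so the actual fix is the kernel update, with the sysctl as a second layer.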
Acid_1
Level 5
Posts: 796
Joined: Thu Nov 01, 2007 11:12 pm
Location: Saskatchewan, Canada

Re: Passes it's-not-crying-wolf test

Post by Acid_1 »

Awww. Beaten to the punch by two days. Oh well, here's a link to the OP if you want it:

http://blog.cr0.org/2009/08/linux-null- ... ue-to.html


and how to use it here:

http://forums.linuxmint.com/viewtopic.p ... 4&p=181154