Local root exploit in Linux kernels 2.6.17 to 2.6.24

February 11, 2008

Submitted by: Taoufix

Category: Computers

The bug allows local users to gain root access using a “proof of concept” exploit. The exploit worked on my machine (Kernel 2.6.22-gentoo-r2).
The bug report:

And here’s a working patch:

--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                if (unlikely(!len))
                        break;
                error = -EFAULT;
-               if (unlikely(!base))
+               if (!access_ok(VERIFY_READ, base, len))
                        break;
 
                /*
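
Review bot: the replacement condition `if (!access_ok(VERIFY_READ, base, len))` drops the `unlikely()` hint that both the removed `!base` test and the `!len` test just above it carry; writing it as `if (unlikely(!access_ok(VERIFY_READ, base, len)))` keeps the error path consistent with its neighbours. The explicit NULL test on `base` is also removed without comment, and since access_ok() only validates that the range `base`..`base + len` lies within the user address limit, a short comment saying a NULL base is now left to fault later in the page lookup would help the next reader. It would also be worth stating in the commit message whether the other places in fs/splice.c that take user pointers from an iovec were audited for the same missing range check.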