{"id":524,"date":"2008-02-12T15:40:12","date_gmt":"2008-02-12T15:40:12","guid":{"rendered":"http:\/\/blografia.net\/vicm3\/?p=524"},"modified":"2008-02-12T15:40:12","modified_gmt":"2008-02-12T15:40:12","slug":"kernel-local-exploit","status":"publish","type":"post","link":"https:\/\/blografia.net\/vicm3\/2008\/02\/kernel-local-exploit\/","title":{"rendered":"!Kernel local exploit!"},"content":{"rendered":"<p>It was the big news on Sunday and yesterday&#8230; yet it seems it has not been news that it was fixed within about 36 hours. (I know RH, SUSE and others have done so too, but I currently no longer have any RH in production, at least not under my care), but at least in Debian it is already resolved&#8230;<\/p>\n<blockquote><p>\nvicm3@foo:~$ .\/a.out<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n Linux vmsplice Local Root Exploit<br \/>\n By qaaz<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n[+] mmap: 0x0 .. 0x1000<br \/>\n[+] page: 0x0<br \/>\n[+] page: 0x20<br \/>\n[+] mmap: 0x4000 .. 0x5000<br \/>\n[+] page: 0x4000<br \/>\n[+] page: 0x4020<br \/>\n[+] mmap: 0x1000 .. 0x2000<br \/>\n[+] page: 0x1000<br \/>\n[+] mmap: 0xb7e5c000 .. 
0xb7e8e000<br \/>\n[-] vmsplice: Bad address<br \/>\nvicm3@foo:~$ uname -a<br \/>\nLinux foo 2.6.18-6-686 #1 SMP Sun Feb 10 22:11:31 UTC 2008 i686 GNU\/Linux\n<\/p><\/blockquote>\n<p>From the <a href=\"http:\/\/www.debian.org\/security\/2008\/dsa-1494\">security announcements<\/a> page:<\/p>\n<p>**Debian Security Advisory<br \/>\nDSA-1494-1 linux-2.6 &#8212; missing access checks<\/p>\n<p>Date Reported:<\/p>\n<p>    11 Feb 2008<\/p>\n<p>Affected Packages:<\/p>\n<p>    linux-2.6 <\/p>\n<p>Vulnerable:<\/p>\n<p>    Yes<\/p>\n<p>Security database references:<\/p>\n<p>    In Mitre&#8217;s CVE dictionary: CVE-2008-0163, CVE-2008-0600.<\/p>\n<p>More information:<\/p>\n<p>    The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0600).<\/p>\n<p>    In the vserver-enabled kernels, a missing access check on certain symlinks in \/proc enabled local attackers to access resources in other vservers (CVE-2008-0163).<\/p>\n<p>    The old stable distribution (sarge) is not affected by this problem.<\/p>\n<p>    For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch1.<\/p>\n<p>    In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution.<\/p>\n<p>    The unstable (sid) and testing distributions will be fixed soon.<\/p>\n<p>    We recommend that you upgrade your linux-2.6 package.<\/p>\n<p>[snip]<br \/>\n**<\/p>\n<p>C&#8217;est la vie.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It was the big news on Sunday and yesterday&#8230; yet it seems it has not been news that it was fixed within about 36 hours. (I know RH, SUSE and others have done so too, but I currently no longer have &hellip; <a href=\"https:\/\/blografia.net\/vicm3\/2008\/02\/kernel-local-exploit\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[1],"tags":[],"class_list":["post-524","post","type-post","status-publish","format-standard","hentry","category-sin-categoria"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/posts\/524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/comments?post=524"}],"version-history":[{"count":0,"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/posts\/524\/revisions"}],"wp:attachment":[{"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/media?parent=524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/categories?post=524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blografia.net\/vicm3\/wp-json\/wp\/v2\/tags?post=524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}