140444 2006-07-14 23:40 0000 Kernel: Local privilege escalation (CVE-2006-3626) 2009-07-11 12:22:59 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All Linux RESOLVED FIXED http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=4a7ac3ab06932949d3069c1811f6f2a310f656c4 [linux <2.6.16.25] [linux >=2.6.17 <2.6.17.5] P2 normal --- 1 dragonheart@gentoo.org security@gentoo.org agriffis@gentoo.org chrb@gentoo.org jesse@boldandbusted.com johnm@gentoo.org kang@gentoo.org kernel@gentoo.org kumba@gentoo.org marineam@gentoo.org phil@anyware-tech.com dragonheart@gentoo.org 2006-07-14 23:40:42 0000 A Linux Kernel Exploit was posted to Full-Disclosure effecting the 2.6.x kernels. The attached code exploits a root race in /proc, The exploit has been acknowledged and a patch is now available. The exploit can be found: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047913.html A patch for this exploit can be found here: http://lkml.org/lkml/diff/2006/7/14/306/1 (written by _array on #gentoo-hardened) Note: http://lkml.org/lkml/2006/7/15/5 says that <HAL-0.5.7 may have troubles latest gentoo stable is hal-0.5.5.1-r3 (all arches) dragonheart@gentoo.org 2006-07-15 00:17:24 0000 CVE from http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5 plasmaroo@gentoo.org 2006-07-15 05:44:44 0000 Please do *not* use the 2.6.16.25 or 2.6.17.5 fix; I'm attaching a better one which shouldn't break HAL & etc... plasmaroo@gentoo.org 2006-07-15 05:45:24 0000 Created an attachment (id=91781) Patch plasmaroo@gentoo.org 2006-07-15 07:08:26 0000 Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the attached patch (don't use 2.6.17.5): ck-sources: marineam hardened-sources-2.6: johnm, hardened hppa-sources: GMSoft mips-sources: `Kumba rsbac-sources: kang sh-sources: sh suspend2-sources: brix usermode-sources: dang xbox-sources: chrb xen-sources: chrb, agriffis dragonheart@gentoo.org 2006-07-15 07:10:33 0000 workaround for those waiting for a release is to mount proc with options nosuid as suggested by padde in #gentoo-bugs phreak@gentoo.org 2006-07-15 07:24:28 0000 gentoo-sources-2.6.16/2.6.17 -> done suspend2-sources-2.6.16/2.6.17 -> done phreak@gentoo.org 2006-07-15 08:06:15 0000 openvz-sources-026.015 (2.6.16) -> done phreak@gentoo.org 2006-07-15 08:34:28 0000 ck-sources-2.6.16/2.6.17 -> done solar@gentoo.org 2006-07-15 09:04:19 0000 hardened-sources-2.6.16-r11 bumped with genpatches 14 dang@gentoo.org 2006-07-15 09:53:38 0000 usermode-sources bumped. solar@gentoo.org 2006-07-15 10:53:14 0000 (In reply to comment #9) I ment 15 dsd@gentoo.org 2006-07-15 17:35:07 0000 *** Bug 140581 has been marked as a duplicate of this bug. *** plasmaroo@gentoo.org 2006-07-17 09:11:50 0000 *** Bug 140797 has been marked as a duplicate of this bug. *** langthang@gentoo.org 2006-07-17 10:05:01 0000 (In reply to comment #4) > Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the > attached patch (don't use 2.6.17.5): > > ck-sources: marineam > hardened-sources-2.6: johnm, hardened > hppa-sources: GMSoft > mips-sources: `Kumba > rsbac-sources: kang > sh-sources: sh > suspend2-sources: brix > usermode-sources: dang > xbox-sources: chrb > xen-sources: chrb, agriffis > 2.6.16.26 fix these issues right? If so I have copied xen-sources-2.6.16.18 to xen-sources-2.6.16.26 and and it WFM on my xen test box. HTH. plasmaroo@gentoo.org 2006-07-17 13:24:11 0000 (In reply to comment #14) > 2.6.16.26 fix these issues right? If so I have copied xen-sources-2.6.16.18 to > xen-sources-2.6.16.26 and and it WFM on my xen test box. Yes, .26 fixes these issues correctly. gmsoft@gentoo.org 2006-07-18 13:04:20 0000 Fixed on hppa. First commit from my new place \o/ chrb@gentoo.org 2006-07-19 13:47:44 0000 I've updated xen and xbox -sources to 2.6.16.26. hlieberman@gentoo.org 2006-11-01 19:06:22 0000 SH, RSBAC, this one too. Bump or patch. kang@gentoo.org 2006-11-09 06:40:26 0000 rsbac-sources bumped to 2.6.18 in ~ hlieberman@gentoo.org 2006-11-09 18:26:55 0000 As discussed in the past, SH no longer is kept track of by Gentoo Kernel Security. Closing bug. 91781 2006-07-15 05:45 0000 Patch 1505_procfs-dumpable-race.patch text/plain SW5kZXg6IGxpbnV4LTIuNi4xNi1nZW50b28tcjEyL2ZzL3Byb2MvYmFzZS5jCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIGxpbnV4LTIuNi4xNi1nZW50b28tcjEyLm9yaWcvZnMvcHJvYy9iYXNlLmMKKysrIGxpbnV4 LTIuNi4xNi1nZW50b28tcjEyL2ZzL3Byb2MvYmFzZS5jCkBAIC0xMzY3LDYgKzEzNjcsNyBAQCBz dGF0aWMgaW50IHBpZF9yZXZhbGlkYXRlKHN0cnVjdCBkZW50cnkgCiAJCQlpbm9kZS0+aV91aWQg PSAwOwogCQkJaW5vZGUtPmlfZ2lkID0gMDsKIAkJfQorCQlpbm9kZS0+aV9tb2RlICY9IH4oU19J U1VJRCB8IFNfSVNHSUQpOwogCQlzZWN1cml0eV90YXNrX3RvX2lub2RlKHRhc2ssIGlub2RlKTsK IAkJcmV0dXJuIDE7CiAJfQpAQCAtMTM5NCw2ICsxMzk1LDcgQEAgc3RhdGljIGludCB0aWRfZmRf cmV2YWxpZGF0ZShzdHJ1Y3QgZGVudAogCQkJCWlub2RlLT5pX3VpZCA9IDA7CiAJCQkJaW5vZGUt PmlfZ2lkID0gMDsKIAkJCX0KKwkJCWlub2RlLT5pX21vZGUgJj0gfihTX0lTVUlEIHwgU19JU0dJ RCk7CiAJCQlzZWN1cml0eV90YXNrX3RvX2lub2RlKHRhc2ssIGlub2RlKTsKIAkJCXJldHVybiAx OwogCQl9Cg==