Summary: | Kernel: IA32 Emulation Stack Underflow (CVE-2010-3081) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li>
Component: | Kernel | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | bernd, hardened-kernel+disabled, hiyuh.root, josh, kernel, kfm, rich0
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://sota.gen.nz/compat1/ | |
Whiteboard: | [linux < 2.6.36-rc4-git2] | |
Package list: | | Runtime testing required: | ---

Description
Alex Legler (RETIRED)
2010-09-16 14:45:42 UTC
The grsec patch in hardened-sources-2.6.32-r18 and hardened-sources-2.6.34-r6 addresses this. Running 2.6.34-r6 fine and stable.

*** Bug 338025 has been marked as a duplicate of this bug. ***

Created attachment 248720
Backported patch for 2.6.34.7
Applies cleanly to a stock 2.6.34.7 tree.

Hunk #1 FAILED at 360.
1 out of 1 hunk FAILED -- saving rejects to file include/linux/compat.h.rej

We need this to apply to -r10, I will look at it tonight after work.

> We need this to apply to -r10, I will look at it tonight after work.

I can't reproduce this failure ...
# ACCEPT_KEYWORDS="~amd64" emerge =gentoo-sources-2.6.34-r10
# cp -a linux-2.6.34-gentoo-r10 linux-2.6.34-gentoo-r10.orig
# cd linux-2.6.34-gentoo-r10
# patch -p1 < ../2.6.34.7_compat_alloc_user_space-incorporate-access_ok.patch
patching file arch/ia64/include/asm/compat.h
patching file arch/mips/include/asm/compat.h
patching file arch/parisc/include/asm/compat.h
patching file arch/powerpc/include/asm/compat.h
patching file arch/s390/include/asm/compat.h
patching file arch/sparc/include/asm/compat.h
patching file arch/x86/include/asm/compat.h
patching file include/linux/compat.h
patching file kernel/compat.c
Also:
# md5sum ../2.6.34.7_compat_alloc_user_space-incorporate-access_ok.patch
15b14e282250beec58b0298091f9a1b9 ../2.6.34.7_compat_alloc_user_space-incorporate-access_ok.patch

I am using genpatches/2.6.34 right from svn. Possibly I have something in there that is not yet in r10. I will have to look at this after work. Real job first.

Created attachment 248808
Patches cleanly against 2.6.34-r10
Adding patch tested to work against 2.6.34-r10

Created attachment 248810
2.6.34-r10 ebuild using 2.6.34-compat-alloc.patch

Released in gentoo-sources-2.6.34-r11.

For anyone who is concerned that they may have been exposed and subsequently exploited, here is a tool from Ksplice which checks for known backdoors: http://www.ksplice.com/uptrack/cve-2010-3081

Please consult the gentoo linux vulnerability treatment guide if you have further questions regarding the severity, before changing it.

I read it and am unable to fathom how the evaluation can be determined as anything other than A1 (critical) ...
A = System/Common Package
1 = Local privilege escalation: flaw allowing root compromise when you have local access