Bug 432517
| Summary: | Vulnerability to CVE-2008-0600 (vmsplice) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan ONDREJ <ondrejj> |
| Component: | kernel-xen-2.6 | Assignee: | Eduardo Habkost <ehabkost> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 8 | CC: | berrange, ehabkost, itamar, ma, russell |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 2.6.21-2957.fc8 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-02-13 04:48:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan ONDREJ
2008-02-12 15:44:07 UTC
F-8 update building: http://koji.fedoraproject.org/koji/taskinfo?taskID=419352 F-7 update building: http://koji.fedoraproject.org/koji/taskinfo?taskID=419363 (In reply to comment #1) > F-8 update building: http://koji.fedoraproject.org/koji/taskinfo?taskID=419352 Oops, that was the URL for the Rawhide build. F-8 update is being built here: http://koji.fedoraproject.org/koji/taskinfo?taskID=419415 Thank you. Can I ask you to add EVR for new releases as described here: http://fedoraproject.org/wiki/Packaging/Guidelines?highlight=%28guidelines%29%7C%28packaging%29#head-b7d622f4bb245300199c6a33128acce5fb453213 http://fedoraproject.org/wiki/PackagingDrafts/Changelog ? No, the xen kernels follow the style of the regular kernel spec files. The EVR are not entered manually. They are automatically computed based on the CVS revision number. We're not going to second guess the CVS revision in changelogs May be for start it's enough to add version (without epoch and release). It can be helpful to see, which changes have been made in which release. Kernel 2.6.21-2957.fc8xen works well for me. Exploit is not usable. Thanks for quick response. Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7f1d000 .. 0xb7f4f000 [-] vmsplice: Bad address kernel-xen-2.6-2.6.21-7.fc7 has been submitted as an update for Fedora 7 kernel-xen-2.6-2.6.21-2957.fc8 has been submitted as an update for Fedora 8 kernel-xen-2.6-2.6.21-2957.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. kernel-xen-2.6-2.6.21-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. Attaching 2.6.21-7.fc7xen testing results: [testuser@hp-xw8600-01 tmp]$ ./2008-0600 ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7f7f000 .. 0xb7fb1000 [-] vmsplice: Bad address [testuser@ Exploit no more present in this kernel. Attaching 2.6.21-2957.fc8xen testing results: [testuser@nec-em7 tmp]$ ./2008-0600 ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7f30000 .. 0xb7f62000 [-] vmsplice: Bad address [testuser@nec-em7 tmp]$ Issue no more present in this kernel -> this one can be closed. This bug is already closed. Please do not put more result until you find another hack. Thank you. |