Description of problem:
kernel-xen is still vulnerable to this vulnerability. Hack tested on my machine.
Version-Release number of selected component (if applicable):
kernel-xen-2.6.21-2952.fc8
maybe the .fc7 version too
How reproducible:
always
Steps to Reproduce:
1. use the exploit
Actual results:
User root.
Expected results:
non hacked system :)
Additional info:
For more information see these bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=432229
https://bugzilla.redhat.com/show_bug.cgi?id=432283
I have tried to patch the latest stable Fedora kernel with the patch from the stable kernel. You can see my package here:
http://www.salstar.sk/pub/fedora/testing/8/kernel-xen-2.6-2.6.21-2952.fc8.1.src.rpm
If you need the patch and spec only, just tell me.
F-8 update building: http://koji.fedoraproject.org/koji/taskinfo?taskID=419352
F-7 update building: http://koji.fedoraproject.org/koji/taskinfo?taskID=419363
(In reply to comment #1)
> F-8 update building: http://koji.fedoraproject.org/koji/taskinfo?taskID=419352
Oops, that was the URL for the Rawhide build. F-8 update is being built here: http://koji.fedoraproject.org/koji/taskinfo?taskID=419415
Thank you. Can I ask you to add EVR for new releases as described here?
http://fedoraproject.org/wiki/Packaging/Guidelines?highlight=%28guidelines%29%7C%28packaging%29#head-b7d622f4bb245300199c6a33128acce5fb453213
http://fedoraproject.org/wiki/PackagingDrafts/Changelog
No, the xen kernels follow the style of the regular kernel spec files. The EVR are not entered manually. They are automatically computed based on the CVS revision number. We're not going to second guess the CVS revision in changelogs.
Maybe for a start it's enough to add the version (without epoch and release). It can be helpful to see which changes have been made in which release. Kernel 2.6.21-2957.fc8xen works well for me. Exploit is not usable. Thanks for the quick response.
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f1d000 .. 0xb7f4f000
[-] vmsplice: Bad address
kernel-xen-2.6-2.6.21-7.fc7 has been submitted as an update for Fedora 7
kernel-xen-2.6-2.6.21-2957.fc8 has been submitted as an update for Fedora 8
kernel-xen-2.6-2.6.21-2957.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
kernel-xen-2.6-2.6.21-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Attaching 2.6.21-7.fc7xen testing results:
[testuser@hp-xw8600-01 tmp]$ ./2008-0600
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f7f000 .. 0xb7fb1000
[-] vmsplice: Bad address
[testuser@
Exploit no longer present in this kernel.
Attaching 2.6.21-2957.fc8xen testing results:
[testuser@nec-em7 tmp]$ ./2008-0600
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f30000 .. 0xb7f62000
[-] vmsplice: Bad address
[testuser@nec-em7 tmp]$
Issue no longer present in this kernel -> this one can be closed.
This bug is already closed. Please do not post more results until you find another hack. Thank you.