IMPORTANT: Exploit in kernel.

[iphitus]

http://linuxreviews.org/news/2004-06-11_ke...rash/index.html

 

There is a very very short C program that is capable of crashing the following kernels.

 

There ar already updates for Debian, and Mandrake ones soon. Other kernels may be affected.

 

# 2.6.7-rc2

# 2.6.6 (vanilla)

# 2.6.6-rc1 SMP (verified by blaise)

# 2.6.6 SMP (verified by riven)

# 2.6.6-debian (verified by arturaz)

# 2.6.5-gentoo (verified by RatiX)

# 2.6.5-mm6 - (verified by Mariux)

# 2.6.5 (fedora core 2 vanilla)

# 2.6.3-13mdk (Mandrake)# 2.4.26 vanilla

# 2.4.26, grsecurity 2.0 config

# 2.4.26-rc1 vanilla

# 2.4.26-gentoo-r1

# 2.4.22

# 2.4.22-1.2188 Fedora FC1 Kernel

# 2.4.20 RH7.3 (gcc 2.96)

# 2.4.18-bf2.4 (debian woody vanilla)

 

I ran the code on the site, and sure enough. It locked up the system hard. It just stopped.

It seems to affect GCC3.4 too on my self compiled 2.6.5 vanilla.

 

iphitus

[devries]

I don't see 2.6.4 in that list. Does that mean it's not affected or that there isn't any information about it? (don't want to try it myself :) )

[iphitus]

I don't see 2.6.4 in that list. Does that mean it's not affected or that there isn't any information about it? (don't want to try it myself :) )

Probably no information about it.

 

I ran it and im still alive

[Hirogen2]

Basically, it is in everything before 2.4.27 and 2.6.7

[Qchem]

2.6.7 has been released including the fix (a one-liner). The 2.4 fix is in bitkeeper.

 

Note this problem only effects x86 and x86_64 arch.

[Hirogen2]

If teh "asm" directories would also be split depending on containing hardware,

Note this problem only effects x86 and x86_64 arch.

this would affect all i387 FPUs, not only x86 and x86_64 :-)