New Kernel Crash-Exploit discovered

shadov · 2004-06-14 13:53:22

http://linuxreviews.org/news/2004-06-11 … index.html

A bug lets a simple C program crash the kernel, effectively locking the whole system. Affects both 2.4.2x and 2.6.x kernels on the x86 architecture.
...
This bug is confirmed to be present when the code is compiled with GCC version 3.0, 3.1, 3.2, 3.3 and 3.3.2 and used on Linux kernel versions 2.4.2x and 2.6.x x86 systems.
...
Using this exploit to crash Linux systems requires the (ab)user to have shell access. The program works on any normal user account, root access is not required.

Can anyone confirm GCC 3.4 ?

Bobonov · 2004-06-14 14:47:15

I dunno for gcc 3.4, but anyway it is noting very dangerous because you need local acces to do it.
So if some bad guy or girl has already gained local access it already can do a muc more damage without any need to use this trick.

For sure it is a vulnerability and need to be fixed, so stay tuned for next kernel update.

topito · 2004-06-14 16:06:57

Linux andromeda 2.6.6-cko1 #5 Mon Jun 7 19:45:40 CEST 2004 i686 unknown unknown GNU/Linux

compiled with gcc 3.4.0.

I had to do a reboot....... :oops:

Bobonov · 2004-06-15 07:06:51

user to have shell access or other means of uploading and running the program

For me that's local access, when a user can login in a shell and/or upload files and execute this is local acces.
That's why I say that once a bad guy has this kind of access 10 code line of C is the last of your problem.

shadov · 2004-06-16 13:12:08

It's fixed in 2.6.7.

I upgraded an hour ago... sofar everything seems fine.

Arch Linux

#1 2004-06-14 13:53:22

New Kernel Crash-Exploit discovered

#2 2004-06-14 14:47:15

Re: New Kernel Crash-Exploit discovered

#3 2004-06-14 16:06:57

Re: New Kernel Crash-Exploit discovered

#4 2004-06-15 07:06:51

Re: New Kernel Crash-Exploit discovered

#5 2004-06-16 13:12:08

Re: New Kernel Crash-Exploit discovered

Board footer