#1 2009-07-19 04:08:25

broch
Banned
From: L.A. California
Registered: 2006-11-13
Posts: 975

fully patched kernel 2.6.30 and 2.6.30.1 vulnerability

This is really interesting. It seems that fully hardened kernels 2.6.30 and 2.6.30.1 are vulnerable to a NULL pointer dereference. Both 32-bit and 64-bit versions. The vulnerability is fixed in 2.6.31-rc3 (however, there are a lot of other problems with .31-rcX) and is not present in previous versions up to 2.6.29.6.


It does not seem to be a reason for panicking though. And it does not affect users who do not run hardened kernels (e.g. Arch default kernels). However, this flaw also affects PulseAudio users. So keep the default Arch kernel (or strip it further from any hardening options) and get rid of PulseAudio ;)



If anyone is interested:
http://www.theregister.co.uk/2009/07/17 … l_exploit/
http://threatpost.com/blogs/researcher- … rotections

#2 2009-07-19 12:13:31

csstaub
Member
From: Switzerland
Registered: 2009-02-09
Posts: 37

Re: fully patched kernel 2.6.30 and 2.6.30.1 vulnerability

As far as I know the flaw affects everyone, but unless SELinux is enabled the attacker also needs a vulnerable setuid program (like PulseAudio) to exploit the hole. So not having PulseAudio installed doesn't mean you're secure.

Here's the original posting: http://seclists.org/fulldisclosure/2009/Jul/0241.html
Here's a video demonstration on YouTube: http://www.youtube.com/watch?v=UdkpJ13e6Z0

#3 2009-07-19 19:33:31

broch
Banned
From: L.A. California
Registered: 2006-11-13
Posts: 975

Re: fully patched kernel 2.6.30 and 2.6.30.1 vulnerability

What I meant is that with a hardened kernel, a PulseAudio system is open.
