 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 14 Aug 2009 13:33:30 +0200 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
On Fri, 2009-08-14 at 13:28 +0200, Urs Beyerle wrote:
> Try unload and remove the following kernel modules:
>
> ipx.ko
> irda.ko
> x25.ko
> ax25.ko
> bluetooth.ko
> sctp.ko
> pppoe.ko
> pppox.ko
>
> Does this help?
Yes it helps.
It also helps (on SL5) to disable SELinux and reboot...
Cheers,
Stephan
> Urs
>
> Stephan Wiesand wrote:
> > On Fri, 2009-08-14 at 11:59 +0100, Dr Andrew C Aitchison wrote:
> >
> >> On Fri, 14 Aug 2009, Urs Beyerle wrote:
> >>
> >>> I guess SL is affected like most other Linux distributions.
> >>>
> >>> I'm not 100% sure, but setting vm.mmap_min_addr to a value above 0
> >>> should prevent an exploit.
> >>>
> >>> # sysctl vm.mmap_min_addr=4096
> >>>
> >> The default on my SL53 machines appears to be 65536
> >> so there may be no need to do this.
> >>
> >> And Stephan Wiesand <[log in to unmask]> replied:
> >>
> >>> I successfully rooted a 32bit SL5 system with SELinux enabled
> >>> and vm.mmap_min_addr=64k with the public exploit :-(
> >>>
> >> Did this machine have kernel-2.6.18-128.4.1.el5 and hence the
> >> fix for CVE-2009-1895 which allows a user to bypass mmap_min_addr - see
> >>
> >
> > Yes.
> >
> >
> >> https://rhn.redhat.com/errata/RHSA-2009-1193.html ?
> >> Though I did see that there are other ways of bypassing
> >> vm.mmap_min_addr :-(
> >>
> >
> > Yes, and they work fine :-/
> >
> >
--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany
|
|
|
