On Fri, 2009-08-14 at 11:59 +0100, Dr Andrew C Aitchison wrote:
> On Fri, 14 Aug 2009, Urs Beyerle wrote:
> > I guess SL is affected like most other Linux distributions.
> >
> > I'm not 100% sure, but setting vm.mmap_min_addr to a value above 0
> > should prevent an exploit.
> >
> > # sysctl vm.mmap_min_addr=4096
>
> The default on my SL53 machines appears to be 65536
> so there may be no need to do this.
>
> And Stephan Wiesand replied:
> > I successfully rooted a 32bit SL5 system with SELinux enabled
> > and vm.mmap_min_addr=64k with the public exploit :-(
>
> Did this machine have kernel-2.6.18-128.4.1.el5 and hence the
> fix for CVE-2009-1895 which allows a user to bypass mmap_min_addr - see
Yes.
> https://rhn.redhat.com/errata/RHSA-2009-1193.html ?
> Though I did see that there are other ways of bypassing
> vm.mmap_min_addr :-(
Yes, and they work fine :-/
--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany