[Bug 413656] Re: Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)

Fri Aug 14 16:27:32 UTC 2009

Ubuntu 8.04 and later have a default setting of 65536 in
/proc/sys/vm/mmap_min_addr. When set, this issue is blocked. If your
value is 0, please purge the "wine" and "dosemu" packages, and reset the
value:

  sudo apt-get purge wine dosemu
  echo 65536 | sudo tee /proc/sys/vm/mmap_min_addr

On Ubuntu 6.06, we recommend the work-around detailed above.  Kernel are
being built shortly to address the issue directly.

** Description changed:

  Binary package hint: linux-image-2.6.15-54-server

  CVE Candidate is CVE-2009-2692

  Exploit:

  http://seclists.org/fulldisclosure/2009/Aug/0180.html

  Patch:

  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98

  I ran the exploit on a fully updated dapper server installation and got
  root from a normal user account.

  Mitigated, at least against this particular posted exploit, via creating
- /etc/modprobe.d/mitigate-2692:
+ /etc/modprobe.d/mitigate-2692.conf:

  install ppp_generic /bin/true
  install pppoe /bin/true
  install pppox /bin/true
  install slhc /bin/true

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Bug watch added: Red Hat Bugzilla #516949
   https://bugzilla.redhat.com/show_bug.cgi?id=516949

** Also affects: linux (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=516949
   Importance: Unknown
       Status: Unknown

** Visibility changed to: Public

** Also affects: linux (Ubuntu Dapper)
   Importance: Undecided
       Status: New

** Also affects: linux-source-2.6.15 (Ubuntu Dapper)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: linux-source-2.6.15 (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

** Also affects: linux-source-2.6.15 (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: linux-source-2.6.15 (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Intrepid)
   Importance: Undecided
       Status: New

** Also affects: linux-source-2.6.15 (Ubuntu Intrepid)
   Importance: Undecided
       Status: New

** Changed in: linux-source-2.6.15 (Ubuntu Dapper)
       Status: New => Triaged

** Changed in: linux-source-2.6.15 (Ubuntu Hardy)
       Status: New => Invalid

** Changed in: linux-source-2.6.15 (Ubuntu Jaunty)
       Status: New => Invalid

** Changed in: linux-source-2.6.15 (Ubuntu Karmic)
       Status: New => Invalid

** Changed in: linux-source-2.6.15 (Ubuntu Intrepid)
       Status: New => Invalid

** Changed in: linux (Ubuntu Dapper)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Hardy)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Karmic)
   Importance: Undecided => Medium

** Changed in: linux-source-2.6.15 (Ubuntu Intrepid)
   Importance: Undecided => Medium

** Changed in: linux-source-2.6.15 (Ubuntu Dapper)
   Importance: Undecided => Medium

** Changed in: linux-source-2.6.15 (Ubuntu Karmic)
   Importance: Undecided => Medium

** Changed in: linux-source-2.6.15 (Ubuntu Hardy)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Hardy)
       Status: New => Triaged

** Changed in: linux-source-2.6.15 (Ubuntu Jaunty)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Karmic)
       Status: New => Triaged

** Changed in: linux (Ubuntu Jaunty)
       Status: New => Triaged

** Changed in: linux (Ubuntu Jaunty)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Dapper)
       Status: New => Invalid

** Changed in: linux (Ubuntu Intrepid)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Intrepid)
       Status: New => Triaged

** Changed in: linux-source-2.6.15 (Ubuntu Hardy)
   Importance: Medium => Undecided

** Changed in: linux-source-2.6.15 (Ubuntu Jaunty)
   Importance: Medium => Undecided

** Changed in: linux (Ubuntu Dapper)
   Importance: Medium => Undecided

** Changed in: linux-source-2.6.15 (Ubuntu Intrepid)
   Importance: Medium => Undecided

** Changed in: linux-source-2.6.15 (Ubuntu Karmic)
   Importance: Medium => Undecided

-- 
Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
https://bugs.launchpad.net/bugs/413656
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-source-2.6.15 in ubuntu.