[Bug 413656] Re: Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
Kees Cook
kees at ubuntu.com
Fri Aug 14 17:34:06 UTC 2009
** Description changed:
Binary package hint: linux-image-2.6.15-54-server
CVE Candidate is CVE-2009-2692
Exploit:
http://seclists.org/fulldisclosure/2009/Aug/0180.html
Patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
I ran the exploit on a fully updated dapper server installation and got
root from a normal user account.
- Mitigated, at least against this particular posted exploit, via creating
- /etc/modprobe.d/mitigate-2692.conf:
+ On dapper, the follow can work around the issue (note this disables
+ IPv6):
+ sudo -s
+ cat > /etc/modprobe.d/mitigate-2692.conf << EOM
install ppp_generic /bin/true
install pppoe /bin/true
install pppox /bin/true
install slhc /bin/true
install bluetooth /bin/true
install ipv6 /bin/true
install irda /bin/true
install ax25 /bin/true
install ipx /bin/true
install appletalk /bin/true
+ EOM
+ /etc/init.d/bluez-utils stop
+ rmmod pppoe pppox ppp_generic slhc ax25 x25 irda crc_ccitt ipx appletalk rfcomm l2cap bluetooth
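Review bot: The rmmod line unloads x25, but mitigate-2692.conf has no matching `install x25 /bin/true` entry, so nothing in this workaround stops x25 from being loaded again afterwards. Conversely, ipv6 gets an install line but is not in the rmmod list, so the ipv6 entry only affects future load attempts and an ipv6 module that is already loaded stays in place. Suggest adding `install x25 /bin/true` to the file and stating how an already-loaded ipv6 module should be handled (for example, that a reboot is needed).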
** Description changed:
Binary package hint: linux-image-2.6.15-54-server
CVE Candidate is CVE-2009-2692
Exploit:
http://seclists.org/fulldisclosure/2009/Aug/0180.html
Patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
- I ran the exploit on a fully updated dapper server installation and got
- root from a normal user account.
+ WORK-AROUND:
- On dapper, the follow can work around the issue (note this disables
- IPv6):
+ Ubuntu 8.04 and later have a default setting of 65536 in
+ /proc/sys/vm/mmap_min_addr. When set, this issue is blocked. If your
+ value is 0, please purge the "wine" and "dosemu" packages, and reset the
+ value:
+
+ sudo apt-get purge wine dosemu
+ echo 65536 | sudo tee /proc/sys/vm/mmap_min_addr
+
+ On Ubuntu 6.06 (Dapper), the following configuration will work around
+ the issue (note this disables IPv6):
sudo -s
cat > /etc/modprobe.d/mitigate-2692.conf << EOM
install ppp_generic /bin/true
install pppoe /bin/true
install pppox /bin/true
install slhc /bin/true
install bluetooth /bin/true
install ipv6 /bin/true
install irda /bin/true
install ax25 /bin/true
install ipx /bin/true
install appletalk /bin/true
EOM
/etc/init.d/bluez-utils stop
rmmod pppoe pppox ppp_generic slhc ax25 x25 irda crc_ccitt ipx appletalk rfcomm l2cap bluetooth
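Review bot: In the added WORK-AROUND text, `echo 65536 | sudo tee /proc/sys/vm/mmap_min_addr` changes only the running kernel's value, which does not survive a reboot. Since the text says the issue is blocked only while the value is set, suggest also telling readers to persist it, for example with `vm.mmap_min_addr = 65536` in /etc/sysctl.conf, and to re-check /proc/sys/vm/mmap_min_addr after the next boot.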
--
Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
https://bugs.launchpad.net/bugs/413656
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-source-2.6.15 in ubuntu.