[lug] Linux sysctl() Kernel Memory Reading Vulnerability

D. Stimits stimits at idcomm.com
Thu Feb 15 14:33:01 MST 2001


Justin wrote:
> 
> I just noticed this on securityfocus.com. I'm running a 2.2.15 kernel
> on my 3 "production" boxes and don't really want to have to upgrade
> them all if it's not absolutely necessary. Now there is a fix for
> kernels that requires you to compile a kernel module sysctl_fix.c. Do I
> just use the source code that is provided and compile it with the
> command they give you? Does this replace an existing kernel include
> file or something? The exploit I'm referencing is located at:
> http://www.securityfocus.com/frames/index.html?focus=linux
> If you go to the solution tab you can see what I'm talking about.
> Thanks for any help.
> 
> Justin
> 
> -----
> glow at jackmoves.com
> www.jackmoves.com

I didn't try to compile or use the fix, but here is what it looks like.
This is an independent module that does not require patching the actual
kernel. But for it to compile correctly, you'd need the current kernel
source to be both installed AND matching your running system. Then you
add the module somewhere within your module directory (depending on
version and preferences), followed by something like depmod -a to tell
it to update module info. It *looks* like this is a new module, and not
a replacement for anything existing. Since I haven't tested this,
consider it only advice. FYI, it does not appear to be a remote exploit,
so a user would need local access to use it.

D. Stimits, stimits at idcomm.com



More information about the LUG mailing list