Date: Mon, 3 Feb 2014 03:45:02 +0000 (UTC) From: mancha <mancha1@...h.com> To: oss-security@...ts.openwall.com Subject: Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) On Mon, 03 Feb 2014 03:16:13 +0000, mancha wrote: > On Sun, 02 Feb 2014 08:14:44 +0400, Solar Designer wrote: > [SNIP] > > The exploit by Rebel works as advertised. I've confirmed on a non-Ubuntu box > after making some changes. > > Attached find a kernel module I've authored that protects from the attack. > > I'm sharing it for folks currently on vulnerable systems still waiting on > patches from their upstream. > > # make > # insmod nox32recvmmsg.ko > > note: rmmod'ing restores original (vulnerable) state. > > --mancha Having issues attaching via this client. So, posted kernel module here: http://sf.net/projects/mancha/files/sec/nox32recvmmsg.tar.bz2
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ