Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 9 Aug 2018 16:27:38 +0100
From: Simon McVittie <smcv@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read
 vulnerability in the timer subsystem

On Thu, 09 Aug 2018 at 16:21:03 +0200, Andrey Konovalov wrote:
> See the comment in the exploit source code for a
> usage example that shows how to read /etc/shadow on Ubuntu xenial
> 4.13.0-38-generic

Note that because of the way Debian and Ubuntu kernels are packaged, this
is an "ABI version" describing a class of kernels with compatible module
ABIs, not a specific version number. The version number for Ubuntu kernels
looks like 4.13.0-38.43~16.04.1 or similar. If you are illustrating
how to reproduce an exploit against a specific binary kernel, you'll
probably want to quote both the package name and the version number: for
example https://packages.ubuntu.com/xenial/linux-image-4.13.0-38-generic
currently lists "linux-image-4.13.0-38-generic (4.13.0-38.43~16.04.1)".

    smcv

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ