Latest news	All news articles

All news topics Events Linux and Free Software Meetings Politics Security Software Tyneside Linux User Group

Security	Sunday 10th February, 2008	PRINT
Kernel security issue I'd like to bring your attention to a Linux security problem. If you have a Linux server where users have shell access, and are running a kernel between 2.6.17 and 2.6.24, you are vulnerable to your users. There is an exploit which allows users to get themselves root permissions without knowing your password. It uses the vmsplice syscall, which has always had this problem. There is a fix. This fix is a simple kernel module, which can be compiled and inserted without rebooting, which disables the vulnerable system call. Linked below is the solution. It's a kernel module, which can be compiled and inserted without rebooting. The module catches any attempts to make a vmsplice call, and cancels them with a "not available" error. Any vulnerable system admins should consider using this module until such time as they can update their kernel with a secure one. Instructions: Download the file, then: tar xf novmsplice.tgz cd novmsplice make then as root: insmod novmsplice.ko We do not have control over the target of the link below. I have read the code and tested the module, and I am confident that it is benign. As a precaution, I have created a PGP signature of the file as I downloaded it, so you can be sure you have the same one that I tested. This signature is available on the files section of this web site, in the "software" folder as novmsplice.tgz.asc Related link: http://www.linux.it/~md/software/novmsplice.tgz Submitted by Brian Ronald

<-NEWER

1

2

OLDER->

Welcome to Tyneside Linux User Group	Brian Ronald	Sticky article	VIEW	PRINT

Next Meeting	Brian Ronald	Saturday 04th September, 2010	VIEW	PRINT

Server down-time	Brian Ronald	Thursday 02nd September, 2010	VIEW	PRINT

Software Freedom Day	Brian Ronald	Monday 09th August, 2010	VIEW	PRINT

Annual new year's eating	Brian Ronald	Monday 07th December, 2009	VIEW	PRINT

Happy Birthday to Linux	Brian Ronald	Thursday 17th September, 2009	VIEW	PRINT

Linux Format article	Brian Ronald	Friday 21st August, 2009	VIEW	PRINT

New mobile web page launched	Brian Ronald	Monday 03rd August, 2009	VIEW	PRINT

Birthday present from Linux Format	Brian Ronald	Monday 22nd June, 2009	VIEW	PRINT

10th Birthday	Brian Ronald	Tuesday 16th June, 2009	VIEW	PRINT

Linux Format in PDF format	Brian Ronald	Tuesday 03rd March, 2009	VIEW	PRINT

New Year Social	Brian Ronald	Monday 15th December, 2008	VIEW	PRINT

More Super Mondays	Brian Ronald	Wednesday 05th November, 2008	VIEW	PRINT

Super Mondays	Brian Ronald	Monday 06th October, 2008	VIEW	PRINT

Steven Fry wishes GNU a happy birthday	Brian Ronald	Tuesday 02nd September, 2008	VIEW	PRINT

Server re-installation	Brian Ronald	Sunday 13th July, 2008	VIEW	PRINT

There will be cake	Brian Ronald	Saturday 14th June, 2008	VIEW	PRINT

Community Choice Awards Nominations Open	Anonymous User	Sunday 08th June, 2008	VIEW	PRINT

Ubuntu 8.04 released	Brian Ronald	Thursday 24th April, 2008	VIEW	PRINT

New SSL certificate from Comodo	Brian Ronald	Monday 17th March, 2008	VIEW	PRINT

National LUGs site gets massive overhaul	Brian Ronald	Thursday 21st February, 2008	VIEW	PRINT

Kernel security issue	Brian Ronald	Sunday 10th February, 2008	VIEW	PRINT

Presentations a success	Brian Ronald	Sunday 03rd February, 2008	VIEW	PRINT

Remote Access	Brian Ronald	Friday 25th January, 2008	VIEW	PRINT

We're featured in Linux Format	Brian Ronald	Saturday 12th January, 2008	VIEW	PRINT

Samba Team Receives Microsoft Protocol Documentation	Andrew Smith	Thursday 20th December, 2007	VIEW	PRINT

New Year Social - Frankie & Benny's	Brian Ronald	Sunday 09th December, 2007	VIEW	PRINT

Call for presenters	Brian Ronald	Wednesday 07th November, 2007	VIEW	PRINT

LUG move to new room a success	Brian Ronald	Sunday 02nd September, 2007	VIEW	PRINT

Lenovo to offer Linux on laptops	Brian Ronald	Tuesday 07th August, 2007	VIEW	PRINT