Security bug related to CVE-2010-3301

Bug #640390 reported by Bremm on 2010-09-16
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | | High | Stefan Bader |
Jaunty | | High | Unassigned |
Karmic | | High | Unassigned |
Lucid | | High | Unassigned |
Maverick | | High | Stefan Bader |

Bug Description

Binary package hint: linux-image-generic

I'm reporting this bug here since there's no information at https://bugs.launchpad.net/bugs/cve/2010-3301

You can find a whole description here: http://sota.gen.nz/compat2/

$ gcc robert_you_suck.c
$ whoami
bremm
$ ./a.out
resolved symbol commit_creds to 0xffffffff8108bd90
resolved symbol prepare_kernel_cred to 0xffffffff8108c170
mapping at 3f80000000
UID 0, EUID:0 GID:0, EGID:0
# whoami
root

$ uname -a
Linux host 2.6.32-24-generic #42-Ubuntu SMP Fri Aug 20 14:21:58 UTC 2010 x86_64 GNU/Linux

Jamie Strandboge (jdstrand) wrote :

Thanks for using Ubuntu and taking the time to report a bug. We are in the process of preparing updates for this now. Unfortunately, there was no pre-disclosure to vendors on this issue, but we are working hard to get the update out.

affects: linux-meta (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
importance: Undecided → High
status: New → In Progress
assignee: nobody → Stefan Bader (stefan-bader-canonical)
Jamie Strandboge (jdstrand) wrote :

Packages are available in https://edge.launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages. We expect these to be published to the archive later today.

visibility: private → public
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Kees Cook (kees) on 2010-09-17
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Karmic):
status: New → Fix Committed
Changed in linux (Ubuntu Jaunty):
status: New → Fix Committed
Changed in linux (Ubuntu Karmic):
importance: Undecided → High
Changed in linux (Ubuntu Jaunty):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Kees Cook (kees) wrote :

This fix has been published now: http://www.ubuntu.com/usn/usn-988-1

Changed in linux (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Karmic):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Patrick Domack (patrickdk) wrote :

This is still an issue on the ec2 kernels; I have tested that I can easily root 309 and 310 for lucid.

Stefan Bader (smb) wrote :

Found out that ec2 / xen duplicates some files, one of which was the target for that CVE. Have successfully tested the changes copied into the xen version and will upload this with the next proposed kernel.
