CVE 2013-1763 - Linux Kernel local root exploit

Introduce yourself, create test postings or talk nonsense
GJones
Donor
Posts: 300
Joined: 22. Jul 2011, 23:27

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by GJones »

True. I also forgot about that, as I'm fortunate enough to be using an old laptop that doesn't need proprietary drivers.

Methinks I will post a guide to compiling custom kernels for 13.37.

Edit: N/M there are probably a million guides for doing so on the internet.
User avatar
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by gapan »

Image
Image
ruario
Posts: 88
Joined: 23. Dec 2010, 08:41

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by ruario »

As you have probably all realised by now Pat did indeed provide updated kernels (this is the announcement): Slackware 13.37 - 2.6.37.6-3, Slackware64 13.37 - 2.6.37.6-3, Slackware 14.0 - 3.2.45 and Slackware64-14.0 - 3.2.45. Be aware however that some people with certain Intel hardware have had problems with the 3.2.45 kernel on Slackware 14.

Towards the end of the thread Ponce provides a 3.2.45 kernel with the problematic patch removed. Your other options are skip the upgrade or do what I did and take the 3.8.13 kernel from -current.

EDIT: Or as suggested above, compile your own.
User avatar
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by gapan »

For people with intel graphics card that go black after an upgrade, adding this to the lilo entry for the kernel should help:

Code: Select all

addappend = " video=SVIDEO-1:d"
Image
Image
ruario
Posts: 88
Joined: 23. Dec 2010, 08:41

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by ruario »

Thanks gapan. I was not aware of that option. Though in my case the problem was not a black screen on boot but rather X freezing shortly after it started.
User avatar
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02
Contact:

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by mimosa »

Should there be a space after the first "? Or doesn't it matter?
User avatar
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by gapan »

mimosa wrote:Should there be a space after the first "? Or doesn't it matter?
I'm not really sure. I always add it out of habit.
Image
Image
ruario
Posts: 88
Joined: 23. Dec 2010, 08:41

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by ruario »

Pat has updated the 14.0 3.2.45 packages. Reports are that they work for those having issues before. I must admit I have not tried yet. The kernel from current is working nicely for me so I will probably stick with it.
User avatar
zazlox
Posts: 39
Joined: 19. Jun 2012, 02:24
Location: Morocco

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by zazlox »

thanks gapan for yur answer . the update fix the issue . no matter what we'll never be safe . bad people everywhere :cry: .
The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong One. 'Do it yourself'. Yes, that's it.
User avatar
laprjns
Salix Warrior
Posts: 1105
Joined: 28. Aug 2009, 01:30
Location: Connecticut USA

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by laprjns »

I upgraded to the new kernel on my Dell laptop with these specs:

Code: Select all

root[rich]# inxi -C -G
CPU:       Dual core Intel Core i3-2330M CPU (-HT-MCP-) cache: 3072 KB flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) 
           Clock Speeds: 1: 800.00 MHz 2: 800.00 MHz 3: 800.00 MHz 4: 800.00 MHz
Graphics:  Card: Intel 2nd Generation Core Processor Family Integrated Graphics Controller 
           X.org: 1.12.4 drivers: intel (unloaded: vesa) tty size: 133x38 Advanced Data: N/A for root 
It booted into x and the desktop ok, but then completely locked up. I could move the mouse pointer, but no response to clicks or keyboard entries. I reverted back to the old kernel.
“Don’t you see that the whole aim of Newspeak is to narrow the range of thought?"
Post Reply