Message-ID: <20180809152738.GA19476@espresso.pseudorandom.co.uk>
Date: Thu, 9 Aug 2018 16:27:38 +0100
From: Simon McVittie <smcv@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
On Thu, 09 Aug 2018 at 16:21:03 +0200, Andrey Konovalov wrote:
> See the comment in the exploit source code for a
> usage example that shows how to read /etc/shadow on Ubuntu xenial
> 4.13.0-38-generic
Note that because of the way Debian and Ubuntu kernels are packaged, this
is an "ABI version" describing a class of kernels with compatible module
ABIs, not a specific version number. The version number for Ubuntu kernels
looks like 4.13.0-38.43~16.04.1 or similar. If you are illustrating
how to reproduce an exploit against a specific binary kernel, you'll
probably want to quote both the package name and the version number: for
example https://packages.ubuntu.com/xenial/linux-image-4.13.0-38-generic
currently lists "linux-image-4.13.0-38-generic (4.13.0-38.43~16.04.1)".
smcv
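
An added example, not part of the original message: a shell helper that produces the "package (version)" citation described above and shows that more than one package version maps to the same `uname -r` string. The function names `abi_of` and `cite`, and the `<upstream>-<abi>.<upload>` reading of Ubuntu version numbers, are assumptions of this example.

```shell
#!/bin/sh
# Added example: record the exact kernel package, not only the ABI string.
tab=$(printf '\t')

# abi_of VERSION FLAVOUR: print the ABI string that `uname -r` would report.
# Assumes the Ubuntu layout <upstream>-<abi>.<upload>[~suffix]; Debian kernel
# versions are laid out differently and are not handled here.
abi_of() {
    printf '%s\n' "$1" | sed -n "s/^\([0-9.]*-[0-9]*\)\.[0-9].*\$/\1-$2/p"
}

# cite RELEASE: read "package<TAB>version" lines on stdin and print
# "package (version)" for linux-image-RELEASE.
# Returns 1 if the package is not listed, 2 if its version does not belong
# to the ABI class named by RELEASE.
cite() {
    while IFS="$tab" read -r pkg ver; do
        [ "$pkg" = "linux-image-$1" ] || continue
        flavour=${1##*-}
        [ "$(abi_of "$ver" "$flavour")" = "$1" ] || return 2
        printf '%s (%s)\n' "$pkg" "$ver"
        return 0
    done
    return 1
}

# On a real Debian/Ubuntu host, run the script with --live to cite the
# running kernel from the dpkg database.
if [ "${1:-}" = "--live" ]; then
    dpkg-query -W -f='${Package}\t${Version}\n' "linux-image-$(uname -r)" |
        cite "$(uname -r)"
fi
```

Both `abi_of 4.13.0-38.43~16.04.1 generic` and `abi_of 4.13.0-38.44~16.04.1 generic` (the second version is constructed for illustration) print `4.13.0-38-generic`, which is why the ABI string alone does not identify a binary kernel.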