Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Ernest_at_the_Beach
Eugene Teo (Security Response) 2010-09-16 03:17:41 EDT
Exploit: http://seclists.org/fulldisclosure/2010/Sep/268

6 posted on 09/21/2010 9:27:41 AM PDT by Ernest_at_the_Beach ( Support Geert Wilders)


To: Ernest_at_the_Beach
Christoph A. 2010-09-16 06:07:35 EDT
public exploit:
http://seclists.org/fulldisclosure/2010/Sep/268
Comment 8 Eugene Teo (Security Response) 2010-09-16 07:07:02 EDT
The Red Hat Security Response Team is aware of this issue. We are working on
updated packages to correct this issue and will release them once they have
been completed and tested.
Comment 12 Eugene Teo (Security Response) 2010-09-17 03:42:54 EDT
Statement:

More information can be found in this kbase:
https://access.redhat.com/kb/docs/DOC-40265.
Comment 13 Petter Reinholdtsen 2010-09-17 03:53:32 EDT
A workaround for this issue is to run this command

  echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register

It disables 32-bit ELF support.  The workaround was written by Terje Malmedal.

[Source: http://seclists.org/fulldisclosure/2010/Sep/273]
Comment 16 Mike McGrath 2010-09-17 17:33:37 EDT
(In reply to comment #13)

> [Source: http://seclists.org/fulldisclosure/2010/Sep/273]

One report suggests this won't always work:

http://www.h-online.com/open/news/forum/S-workaround-DOES-NOT-PREVENT-EXPLOIT/forum-116020/msg-14370942/read/
Comment 17 Nelson Elhage 2010-09-17 17:45:57 EDT
The 'robert_you_suck' exploit mentioned in the post Mike cites is an exploit for
CVE-2010-3080, which is a distinct issue discovered at the same time as this
issue. RHEL 5 is not affected by that issue.

13 posted on 09/21/2010 9:37:06 AM PDT by Ernest_at_the_Beach ( Support Geert Wilders)
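
What the registration string in the workaround quoted above selects, shown as an added example that is not part of the original thread or the Bugzilla comments: it parses the rule and checks it against constructed 32-bit ELF, 64-bit ELF and script headers. The function names and the sample header bytes are this example's own.

```python
import re

# The registration string from the workaround quoted above.
RULE = r':32bits:M:0:\x7fELF\x01::/bin/echo:'

def _unescape(field: str) -> bytes:
    """Decode backslash-x hex escapes in a magic or mask field."""
    return re.sub(rb'\\x([0-9a-fA-F]{2})',
                  lambda m: bytes([int(m.group(1), 16)]),
                  field.encode('latin-1'))

def parse_rule(rule: str) -> dict:
    """Split ':name:type:offset:magic:mask:interpreter:flags' into fields."""
    delim, body = rule[0], rule[1:]
    parts = body.split(delim)
    if len(parts) != 7:
        raise ValueError('expected 7 delimited fields, got %d' % len(parts))
    name, kind, offset, magic, mask, interpreter, flags = parts
    if kind != 'M':
        raise ValueError('only magic-number (M) rules are handled here')
    magic_b = _unescape(magic)
    # An empty mask means every magic byte is compared in full (0xff).
    mask_b = _unescape(mask) if mask else b'\xff' * len(magic_b)
    if len(mask_b) != len(magic_b):
        raise ValueError('mask and magic must have the same length')
    return {'name': name, 'offset': int(offset or 0), 'magic': magic_b,
            'mask': mask_b, 'interpreter': interpreter, 'flags': flags}

def handled_by(rule: dict, header: bytes):
    """Return the rule's interpreter if the file header matches, else None."""
    start = rule['offset']
    window = header[start:start + len(rule['magic'])]
    if len(window) < len(rule['magic']):
        return None
    same = all(((h ^ m) & k) == 0
               for h, m, k in zip(window, rule['magic'], rule['mask']))
    return rule['interpreter'] if same else None

# Constructed sample headers (first bytes only); byte 4 is EI_CLASS.
ELF32 = b'\x7fELF\x01\x01\x01\x00'   # EI_CLASS = 1 (ELFCLASS32)
ELF64 = b'\x7fELF\x02\x01\x01\x00'   # EI_CLASS = 2 (ELFCLASS64)
SCRIPT = b'#!/bin/sh\n'

if __name__ == '__main__':
    parsed = parse_rule(RULE)
    for label, hdr in (('ELF32', ELF32), ('ELF64', ELF64), ('script', SCRIPT)):
        print(label, '->', handled_by(parsed, hdr) or 'not matched by this rule')
```

Only files whose fifth byte marks them as 32-bit ELF are handed to `/bin/echo`; 64-bit binaries and scripts fall through to their normal handlers.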