Egregoros · Phoenix Framework

Post

Remote status

Context

matthew - retroedge.tech

Okay, update on this. The exploit does seem to work even if 'lsmod | grep algif_aead' returns nothing.

I tested it on my local, non-production, Linux Mint Debian Edition 7 system.

Crazy exploit!

Now that means I have a bunch of work to do to mitigate for this.

#Linux #CopyFail

RT: https://social.retroedge.tech/objects/94efc746-0853-4f78-9ae3-0736871d155f

⚡⛥ Maður Margvalds ⛦⚡

@toiletpaper@shitposter.world remote

@matthew

You probably know already, but this worked for me. Easy fix.

```
sudo sh -c "echo 'install algif_aead /bin/false' > /etc/modprobe.d/disable-algif.conf"
sudo rmmod algif_aead
```

Replying to @toiletpaper@shitposter.world

matthew - retroedge.tech

@matthew@social.retroedge.tech remote

Yes, thank you.

And to confirm that works:

python3 -c 'import socket; s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind(("aead","authencesn(hmac(sha256),cbc(aes))")); print("algif_aead probably successfully loaded, mitigation not effective; remove again with: rmmod algif_aead")'

If it errors out, mitigation applied. If it prints, “algif_aead probably successfully loaded, mitigation not effective; remove again with: rmmod algif_aead” that module is still available.

#copyFail #Linux

Replies

No replies yet.