| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 May 2005 16:34:58 -0300 From: Bruno Lustosa <bruno.lists@...il.com> To: bugtraq@...urityfocus.com Subject: Re: Linux kernel ELF core dump privilege elevation On 5/11/05, Paul Starzetz <ihaquer@...c.pl> wrote: > since it became clear from the discussion in January about the uselib() > vulnerability, that the Linux community prefers full, non-embargoed > disclosure of kernel bugs, I release full details right now. However to > follows at least some of the responsable disclosure rules, no exploit code will be > released. Instead, only a proof-of-concept code is released to demonstrate > the vulnerability. Paul, I was unable to make it work on my amd64. Running Gentoo on kernel 2.6.11. This was the output: [+] Compiling...elfcd1.c: In function `main': elfcd1.c:48: warning: implicit declaration of function `strlen' elfcd1.c:54: warning: implicit declaration of function `memset' elfcd1.c:60: warning: implicit declaration of function `strcmp' /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3/../../../../x86_64-pc-linux-gnu/bin/ld: warning: i386:x86-64 architecture of input file `/tmp/ccSCdKeo.o' is incompatible with i386 output [+] ./elfcd1 argv_start=0x7ffffffff451 argv_end=0x7ffffffff459 ESP: 0xfffff0e0 [+] phase 1 [+] AAAA argv_start=0x7fffffff6fea argv_end=0x7fffffff6fee ESP: 0xffff6de0 [+] phase 2, <RET> to crash Segmentation fault (core dumped) -- Bruno Lustosa, aka Lofofora | Email: bruno@...tosa.net Network Administrator/Web Programmer | ICQ: 1406477 Rio de Janeiro - Brazil |
Powered by blists - more mailing lists