| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Dec 2010 22:40:50 +0100 From: Thomas SOETE <thomas@...te.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: Linux kernel exploit Failed on Ubuntu 10.10 (2.6.35-23-generic) toms@...rost:/tmp$ uname -a Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC 2010 x86_64 GNU/Linux toms@...rost:/tmp$ ./a.out [*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xffffffffa03d9610 [+] Resolved econet_ops to 0xffffffffa03d9720 [+] Resolved commit_creds to 0xffffffff810863c0 [+] Resolved prepare_kernel_cred to 0xffffffff81086890 [*] Calculating target... [*] Triggering payload... [*] Exploit failed to get root. 2010/12/7 coderman <coderman@...il.com>: > On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg > <dan.j.rosenberg@...il.com> wrote: >> ... I've included here a proof-of-concept local privilege escalation exploit... >> * This exploit leverages three vulnerabilities to get root, all of which were >> * discovered by Nelson Elhage: >>... >> * However, the important issue, CVE-2010-4258, affects everyone, and it would >> * be trivial to find an unpatched DoS under KERNEL_DS and write a slightly >> * more sophisticated version of this... > > nice :) > > clearly demonstrates why risk is complicated and seemingly minor > defects (worth delaying patches for weeks/months? ;) can combine into > truly ugly vulnerabilities... > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists