lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 8 Dec 2010 16:33:58 +0200
From: nix@...roxylists.com
To: "Thomas SOETE" <thomas@...te.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux kernel exploit

> Failed on Ubuntu 10.10 (2.6.35-23-generic)
>
> toms@...rost:/tmp$ uname -a
> Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
> 2010 x86_64 GNU/Linux
>
> toms@...rost:/tmp$ ./a.out
> [*] Resolving kernel addresses...
>  [+] Resolved econet_ioctl to 0xffffffffa03d9610
>  [+] Resolved econet_ops to 0xffffffffa03d9720
>  [+] Resolved commit_creds to 0xffffffff810863c0
>  [+] Resolved prepare_kernel_cred to 0xffffffff81086890
> [*] Calculating target...
> [*] Triggering payload...
> [*] Exploit failed to get root.
>
>
>
> 2010/12/7 coderman <coderman@...il.com>:
>> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
>> <dan.j.rosenberg@...il.com> wrote:
>>> ... I've included here a proof-of-concept local privilege escalation
>>> exploit...
>>>  * This exploit leverages three vulnerabilities to get root, all of
>>> which were
>>>  * discovered by Nelson Elhage:
>>>...
>>>  * However, the important issue, CVE-2010-4258, affects everyone, and
>>> it would
>>>  * be trivial to find an unpatched DoS under KERNEL_DS and write a
>>> slightly
>>>  * more sophisticated version of this...
>>
>> nice :)
>>
>> clearly demonstrates why risk is complicated and seemingly minor
>> defects (worth delaying patches for weeks/months? ;) can combine into
>> truly ugly vulnerabilities...
>>

Failed also as expected on my custom 2.6.32.25-grsec #3 SMP x86_64 GNU/Linux
. Nice found anyway while we are waiting for other versions :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ