lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 May 2005 16:34:58 -0300
From: Bruno Lustosa <>
Subject: Re: Linux kernel ELF core dump privilege elevation

On 5/11/05, Paul Starzetz <> wrote:
> since it became clear from the discussion in January about the uselib()
> vulnerability, that the Linux community prefers full, non-embargoed
> disclosure of kernel bugs, I release full details right now. However to
> follows at least some of the responsable disclosure rules, no exploit code will be
> released. Instead, only a proof-of-concept code is released to demonstrate
> the vulnerability.

Paul, I was unable to make it work on my amd64.
Running Gentoo on kernel 2.6.11.
This was the output:

[+] Compiling...elfcd1.c: In function `main':
elfcd1.c:48: warning: implicit declaration of function `strlen'
elfcd1.c:54: warning: implicit declaration of function `memset'
elfcd1.c:60: warning: implicit declaration of function `strcmp'
warning: i386:x86-64 architecture of input file `/tmp/ccSCdKeo.o' is
incompatible with i386 output

[+] ./elfcd1 argv_start=0x7ffffffff451 argv_end=0x7ffffffff459  ESP: 0xfffff0e0
[+] phase 1
[+] AAAA argv_start=0x7fffffff6fea argv_end=0x7fffffff6fee  ESP: 0xffff6de0
[+] phase 2, <RET> to crash Segmentation fault (core dumped)

Bruno Lustosa, aka Lofofora          | Email:
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

Powered by blists - more mailing lists