lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20101210090825.GA2764@antares.roath.org>
Date: Fri, 10 Dec 2010 10:08:25 +0100
From: Stefan Roas <sroas@...th.org>
To: bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Linux kernel exploit

On Wed Dec 08, 2010 at 11:58:58, John Jacobs wrote:
> 
> > I've included here a proof-of-concept local privilege escalation exploit
> > for Linux.  Please read the header for an explanation of what's going
> > on.  Without further ado, I present full-nelson.c:
> 
> Hello Dan, is this exploitation not mitigated by best practice 
> defense-in-depth strategies such as preventing the CAP_SYS_MODULE 
> capability or '/sbin/sysctl -w kernel.modules_disabled=1' respectively? 
>  It seems it'd certainly stop the Econet/Acorn issue.
> 
> Curious to hear your input as I fear too many rely solely on errata updates and not a good defense-in-depth approach.

Only for this proof-of-concept exploit. The real culprit is CVE-2010-4258. Commit
33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 in Linus kernel tree fixes the
issue by doing set_fs(USER_DS) early in do_exit(). I guess this will be in pushed
to stable series as well.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ