Message-ID: <Pine.LNX.4.44.0312021808270.6421-100000@isec.pl>
From: ihaquer at isec.pl (Paul Starzetz)
Subject: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
On Tue, 2 Dec 2003, Florian Weimer wrote:
> > The debian announcement only says that by the time that this bug was
> > discovered, it was too late already for the 2.4.22 kernel release.
>
> Another cre^Wgroup of researchers publicly claimed that they had
> discovered this issue and that their exploit might have leaked to the
> underground. The report might be phoney, or it could reflect an
> independent rediscovery.
We discovered the bug at the end of September 2003 and started to study
the vulnerability. About 15.10.2003 a first version of a proof-of-concept
exploit already existed (nothing clean, just run, get root and then crash).
Due to the silent fix in the kernel tree (which we discovered while
looking at the -rc patches for 2.4.22 to 2.4.23 at the end of November) we
believed that 'the others' are convinced that the bug is not exploitable, thus
we decided to schedule an article for a security magazine at the end
of this year and start a public disclosure. Unfortunately it may be
possible that a binary image of the latest exploit code has been leaked
outside of iSEC machines...
We are preparing a technical paper for the next 30 days.
regards
Paul Starzetz