Message-ID: <Pine.LNX.4.44.0312021808270.6421-100000@isec.pl>
From: ihaquer at isec.pl (Paul Starzetz)
Subject: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

On Tue, 2 Dec 2003, Florian Weimer wrote:

> > The Debian announcement only says that by the time that this bug was
> > discovered, it was too late already for the 2.4.22 kernel release.
> 
> Another cre^Wgroup of researchers publicly claimed that they had
> discovered this issue and that their exploit might have leaked to the
> underground.  The report might be phoney, or it could reflect an
> independent rediscovery.

We discovered the bug at the end of September 2003 and started to study
the vulnerability. About 15.10.2003 a first version of a proof-of-concept 
exploit already existed (nothing clean just run, get root and then crash).

Due to the silent fix in the kernel tree (which we discovered while 
looking at the -rc patches for 2.4.22 to 2.4.23 at the end of November) we 
believed that 'the others' are convinced that the bug is not exploitable, thus
we decided to schedule an article for a security magazine at the end
of this year and start a public disclosure. Unfortunately it may be 
possible that a binary image of the latest exploit code has been leaked 
outside of iSEC machines... 

We are preparing a technical paper for the next 30 days.

regards

Paul Starzetz

