lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FFB143F.8020502@normanonline.co.uk>
From: luke at normanonline.co.uk (Luke Norman)
Subject: Re: Linux kernel do_mremap() proof-of-concept
 exploit code

Daniel B wrote:

>Daniel Husand <io@...v.us> wrote:
>
>  
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Christophe Devine wrote:
>>
>>| The following program can be used to test if a x86 Linux system
>>| is vulnerable to the do_mremap() exploit; use at your own risk.
>>|
>>| $ cat mremap_poc.c
>>|
>>
>>This didnt do anything on my 2.4.23-grsec kernel.
>>
>>- --
>>Daniel
>>    
>>
>
>This froze my box running 2.6.0, was that the intention? (I think so..)
>
>Regards,
>Daniel.
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>  
>
 From what I understand, the exploit _should_ reboot the box if 
vulnerable. At least, that's what happened to me, and the original 
exploit poster clarified that was the exploits intention


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ