[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040511042638.GA23160@grsecurity.net>
From: spender at grsecurity.net (spender@...ecurity.net)
Subject: Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability
Just to clarify, this advisory does not involve either of the two
vulnerabilities that I discovered over a year ago now that still remain
unpatched. The one bug is a local root on Linux, NetBSD, FreeBSD,
OpenBSD, and Mac OS X, and any other OS systrace is ported to in the
future. The other bug is a complete bypass of systrace's "security" on
Linux.
Maybe keep looking Stefan ;)
If you can find them, I'll release my fulling working MENU-BASED
exploit. Actually, I was quite upset at first that someone had killed
my bug but then I read the advisory closer and realized it was a
different local root, imagine that ;) It amazes me that Niels has known
a local root vulnerability has existed in his code for over a year and
yet he hasn't even bothered to audit his own code, but instead continues
to promote it.
http://monkey.org/openbsd/archive/misc/0304/msg01400.html
"I am looking forward to his local root exploit for systrace."
Sorry Niels, no such luck today :(
It was close!
-Brad
Powered by blists - more mailing lists