Open Source and information security mailing list archives
 
Message-ID: <20040511042638.GA23160@grsecurity.net>
From: spender at grsecurity.net (spender@...ecurity.net)
Subject: Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability

Just to clarify, this advisory does not involve either of the two 
vulnerabilities that I discovered over a year ago now that still remain 
unpatched.  The one bug is a local root on Linux, NetBSD, FreeBSD, 
OpenBSD, and Mac OS X, and any other OS systrace is ported to in the 
future.  The other bug is a complete bypass of systrace's "security" on 
Linux.

Maybe keep looking, Stefan ;)
If you can find them, I'll release my fully working MENU-BASED 
exploit.  Actually, I was quite upset at first that someone had killed 
my bug but then I read the advisory closer and realized it was a 
different local root, imagine that ;)  It amazes me that Niels has known 
a local root vulnerability has existed in his code for over a year and 
yet he hasn't even bothered to audit his own code, but instead continues 
to promote it.

http://monkey.org/openbsd/archive/misc/0304/msg01400.html
"I am looking forward to his local root exploit for systrace."
Sorry Niels, no such luck today :(
It was close!

-Brad

