Message-ID: <067d01c608a2$87d7d170$0100a8c0@nuclearwinter>
Date: Sat Dec 24 18:38:37 2005
From: fd at g-0.org (GroundZero Security)
Subject: linux procfs vulnerability
Hi!
I tested this bug and it is a fact that indeed kernel memory can be leaked.
This leads to privilege escalation as the encrypted root password is in there.
It could be cracked with John. In the log there is more information that could lead
to a full system compromise. Nice bug and not hard to code :-)
-sk
http://www.groundzero-security.com
----- Original Message -----
From: "Karl Janmar" <karl@...piafoundation.org>
To: "coderman" <coderman@...il.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Saturday, December 24, 2005 6:00 AM
Subject: Re: [Full-disclosure] linux procfs vulnerability
> The arch is x86 and I ignore the rest of your comments; maybe you have to think
> a little more?
>
> - karl
>
> coderman wrote:
> > On 12/23/05, Karl Janmar <karl@...piafoundation.org> wrote:
> >
> >>...
> >>I have found one flaw in Linux procfs code that makes the kernel disclose memory.
> >
> >
> > I'd love to see you exploit this! rly!
> >
> >
> >
> >>fs/proc/proc_misc.c:74
> >>...
> >>if (len <= off+count) *eof = 1;
> >>...
> >>off is an off_t and count is an int.
> >
> >
> > What arch? On Intel, assign an s32 to int? The sky is falling...
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
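Added illustration of the type mix-up under discussion (a model written for this page, not kernel code and not any poster's exploit): on i386 of that era the legacy read_proc helpers take the file position as off_t, a 32-bit signed long, and the byte count as int, while the VFS holds the position as a 64-bit loff_t. The position is therefore narrowed before the helper sees it, and `off+count` is 32-bit arithmetic that can wrap, so the check `len <= off+count` can be satisfied or missed for positions that have nothing to do with the data actually generated. The fixed-width typedefs, the constructed `len`/offset values and the hardened variant below are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Widths as on i386 at the time: the legacy read_proc helpers take the
 * file position as off_t (a 32-bit signed long) and the byte count as
 * int, while the VFS holds the position as a 64-bit loff_t.  Fixed-width
 * typedefs (an assumption of this model) keep the arithmetic identical
 * on a 64-bit host. */
typedef int32_t i386_off_t;
typedef int64_t kernel_loff_t;

/* Two's-complement wrap to 32 bits, making the overflow explicit instead
 * of relying on undefined signed overflow in C. */
static int32_t wrap32(int64_t v)
{
    return (int32_t)(uint32_t)v;
}

/* What the helper sees after the implicit loff_t -> off_t conversion:
 * the upper 32 bits of the position are silently discarded. */
i386_off_t narrow_pos(kernel_loff_t ppos)
{
    return (i386_off_t)ppos;
}

/* The check as quoted on the page: `if (len <= off+count) *eof = 1;`
 * Returns 1 when eof would be set.  off+count is 32-bit arithmetic. */
int legacy_eof(int len, i386_off_t off, int count)
{
    return len <= wrap32((int64_t)off + count);
}

/* Hardened form (assumed, not the kernel's fix): validate the wide
 * position before it is narrowed and compare in 64 bits so off+count
 * cannot wrap.  Returns 1 (eof), 0 (more data), -1 (position rejected). */
int hardened_eof(int len, kernel_loff_t ppos, int count)
{
    if (ppos < 0 || ppos > INT32_MAX || count < 0 || len < 0)
        return -1;
    return (kernel_loff_t)len <= ppos + (kernel_loff_t)count;
}

int main(void)
{
    /* Constructed inputs: a /proc file whose generator produced 100 bytes. */
    int len = 100;
    kernel_loff_t four_gib = (kernel_loff_t)1 << 32;

    printf("position 4GiB+16 narrows to off=%d\n", narrow_pos(four_gib + 16));
    printf("position 2^31 narrows to off=%d\n", narrow_pos((kernel_loff_t)1 << 31));
    printf("legacy eof at off=INT32_MAX-10, count=100: %d\n",
           legacy_eof(len, INT32_MAX - 10, 100));
    printf("hardened eof at the same position: %d\n",
           hardened_eof(len, (kernel_loff_t)INT32_MAX - 10, 100));
    printf("hardened on 4GiB+16: %d\n", hardened_eof(len, four_gib + 16, 100));
    return 0;
}
```

The first two prints show the narrowing: a position of 4 GiB + 16 arrives at the helper as offset 16, and a position of exactly 2^31 arrives as a negative offset. The third shows the wrap in `off+count`: at an offset just below INT32_MAX with a 100-byte count the sum goes negative, so `len <= off+count` is false and eof is not flagged even though the offset is far past the 100 bytes that exist. The hardened variant does the comparison in 64 bits and refuses any position that would not survive the narrowing.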