| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Dec 2010 22:09:38 -0800
From: Rem7ter <rem7ter@...il.com>
To: coderman <coderman@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux kernel exploit
Why gcc exp.c -o exp alert "Error: too many Argument"? I test it in Linux
2.6.X.
2010/12/7 coderman <coderman@...il.com>
> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
> <dan.j.rosenberg@...il.com> wrote:
> > ... I've included here a proof-of-concept local privilege escalation
> exploit...
> > * This exploit leverages three vulnerabilities to get root, all of which
> were
> > * discovered by Nelson Elhage:
> >...
> > * However, the important issue, CVE-2010-4258, affects everyone, and it
> would
> > * be trivial to find an unpatched DoS under KERNEL_DS and write a
> slightly
> > * more sophisticated version of this...
>
> nice :)
>
> clearly demonstrates why risk is complicated and seemingly minor
> defects (worth delaying patches for weeks/months? ;) can combine into
> truly ugly vulnerabilities...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists