Message-ID: <AANLkTikyzbJhwhtwoSVZCvjMsWzMEKF0RM2QWUY_P3hs@mail.gmail.com>
Date: Mon, 13 Dec 2010 21:19:46 +0000
From: "Cal Leeming [Simplicity Media Ltd]"
	<cal.leeming@...plicitymedialtd.co.uk>
To: Benji <me@...ji.com>
Cc: full-disclosure@...ts.grok.org.uk, Ariel Biener <ariel@...t.tau.ac.il>,
	leandro_lista@...tari.com.br, firebits@...ktrack.com.br,
	bugtraq@...urityfocus.com, full-disclosure-bounces@...ts.grok.org.uk
Subject: Re: Linux kernel exploit

   1. It ran on a one-time server which gets re-generated every time it's
   restarted (which is every time a testing session has finished)
   2. I did a *very* brief look in the code for shell code etc, and based on
   the noise already on the board, there wasn't any risk.
   3. Even if there was dodgy shell code in there, it still would have posed
   no risk, because the sandbox is re-generated every time (see comment 1)

No more troll feed for you!

On Mon, Dec 13, 2010 at 9:16 PM, Benji <me@...ji.com> wrote:

> wait wait wait.
>
> you don't have time to read header notes, but do have time to run code you
> don't really know what it does on your system?
>
> can I send you some code? it's a linux 2.6.* 0day, remote root.
>
>
> On Mon, Dec 13, 2010 at 9:14 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leeming@...plicitymedialtd.co.uk> wrote:
>
>> Sorry Dan, I did a very quick copy and paste job, without reading the
>> headers. I simply don't have time to read the code notes of every single
>> exploit released.
>>
>> I would say that, if you are fed up with being inundated with emails, then
>> perhaps you should mark these notes very clearly in big red writing at
>> the top of the email like this, for those people who don't have much time
>> to read these notes ;)
>>
>> On Mon, Dec 13, 2010 at 9:08 PM, <dan.j.rosenberg@...il.com> wrote:
>>
>>> Please don't inundate me with e-mail because none of you bothered to read
>>> the exploit header.
>>>
>>> The exploit so far has a 100% success rate on the systems it was designed
>>> to work on.
>>>
>>> I don't think this is rocket science.  If your distribution does not
>>> compile Econet, then the exploit obviously won't be able to open an Econet
>>> socket.  This includes Arch Linux, Gentoo, Fedora, Red Hat, CentOS,
>>> Slackware, and more.  This doesn't mean you're not vulnerable, it just means
>>> this particular exploit won't work.
>>>
>>> If your distro doesn't export the relevant symbols (Debian), ditto above.
>>>
>>> If your distro has patched the Econet vulnerabilities I used to trigger
>>> this (Ubuntu), ditto above.
>>>
>>> This was done on purpose, to avoid giving a weaponized exploit to people
>>> who shouldn't have one.
>>>
>>> -Dan
>>>
>>>
>>> -----Original Message-----
>>> From: "Cal Leeming [Simplicity Media Ltd]"
>>>        <cal.leeming@...plicitymedialtd.co.uk>
>>> Sender: full-disclosure-bounces@...ts.grok.org.uk
>>> Date: Mon, 13 Dec 2010 20:40:45
>>> To: Ariel Biener<ariel@...t.tau.ac.il>
>>> Cc: <leandro_lista@...tari.com.br>; <firebits@...ktrack.com.br>; <
>>> bugtraq@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
>>> Subject: Re: [Full-disclosure] Linux kernel exploit
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>> --
>>
>> Cal Leeming
>>
>> Operational Security & Support Team
>>
>> *Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
>> support@...plicitymedialtd.co.uk
>> *Fax: *+44 (02476) 578987 | *Email: *cal.leeming@...plicitymedialtd.co.uk
>>
>> *IM: *AIM / ICQ / MSN / Skype (available upon request)
>> Simplicity Media Ltd. All rights reserved.
>> Registered company number 7143564
>>
>>
>
>


-- 

Cal Leeming

Operational Security & Support Team

*Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
support@...plicitymedialtd.co.uk
*Fax: *+44 (02476) 578987 | *Email: *cal.leeming@...plicitymedialtd.co.uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved.
Registered company number 7143564
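
The first condition in the quoted message (whether the running kernel ships Econet at all) can be checked from the kernel build config and the modprobe rules. The script below is an added example, not part of the thread or of the exploit; the function names, the verdict words and the `/boot/config-$(uname -r)` path are assumptions, and it says nothing about patch level or symbol export.

```shell
#!/bin/sh
# Added example (not from the thread): classify a host's Econet exposure.
# Paths are parameters so the checks also run against constructed samples.
AF_ECONET=19   # address family number; modprobe autoloads it as net-pf-19

# econet_build_state CONFIG_FILE -> builtin | module | absent
econet_build_state() {
    case "$(grep -E '^CONFIG_ECONET=[ym]$' "$1" 2>/dev/null)" in
        CONFIG_ECONET=y) echo builtin ;;
        CONFIG_ECONET=m) echo module ;;
        *)               echo absent ;;
    esac
}

# econet_load_blocked MODPROBE_DIR -> exit 0 if a rule there disables loading
econet_load_blocked() {
    grep -rqsE "^[[:space:]]*(blacklist[[:space:]]+econet|install[[:space:]]+econet[[:space:]]+/bin/(true|false)|alias[[:space:]]+net-pf-${AF_ECONET}[[:space:]]+off)[[:space:]]*$" "$1"
}

# econet_exposure CONFIG_FILE MODPROBE_DIR -> not-built | load-blocked | reachable
econet_exposure() {
    state=$(econet_build_state "$1")
    case "$state" in
        absent)  echo not-built ;;     # an Econet socket cannot be created
        builtin) echo reachable ;;     # modprobe rules do not apply to built-in code
        module)  if econet_load_blocked "$2"; then echo load-blocked
                 else echo reachable; fi ;;
    esac
}

# Check the live system only when called with "live" as the first argument.
# Assumption: the distribution installs its kernel config under /boot.
if [ "${1:-}" = live ]; then
    econet_exposure "/boot/config-$(uname -r)" /etc/modprobe.d
fi
```

A `not-built` or `load-blocked` verdict only means the Econet code path is unavailable; as the quoted message says, that is not the same as the kernel being fixed.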
