Message-ID: <AANLkTi=1fXtpkJnC8Lfub=o=uN610hPCeVg48xOGdshu@mail.gmail.com>
Date: Mon, 13 Dec 2010 21:38:50 +0000
From: "Cal Leeming [Simplicity Media Ltd]"
<cal.leeming@...plicitymedialtd.co.uk>
To: Benji <me@...ji.com>
Cc: full-disclosure@...ts.grok.org.uk, Ariel Biener <ariel@...t.tau.ac.il>,
leandro_lista@...tari.com.br, firebits@...ktrack.com.br,
bugtraq@...urityfocus.com, full-disclosure-bounces@...ts.grok.org.uk
Subject: Re: Linux kernel exploit

Again, considering there was no nasty code in there, it was safe enough to
run.

Give it a break dude, you ain't going to get an argument out of me lol :)

On Mon, Dec 13, 2010 at 9:21 PM, Benji <me@...ji.com> wrote:
> I know in your perfect world nothing could ever break out of a sandbox, but
> this just isn't true.
>
> No more coco-pops for you, maybe some brain food!
>
>
> On Mon, Dec 13, 2010 at 9:19 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leeming@...plicitymedialtd.co.uk> wrote:
>
>>
>> 1. It ran on a one-time server which gets re-generated every time it's
>> restarted (which is every time a testing session has finished)
>> 2. I did a *very* brief look in the code for shell code etc, and based
>> on the noise already on the board, there wasn't any risk.
>> 3. Even if there was dodgy shell code in there, it still would have
>> posed no risk, because the sandbox is re-generated every time (see comment
>> 1)
>>
>> No more troll feed for you!
>>
>> On Mon, Dec 13, 2010 at 9:16 PM, Benji <me@...ji.com> wrote:
>>
>>> wait wait wait.
>>>
>>> you don't have time to read header notes, but do have time to run code you
>>> don't really know what it does on your system?
>>>
>>> can I send you some code? it's a linux 2.6.* 0day, remote root.
>>>
>>>
>>> On Mon, Dec 13, 2010 at 9:14 PM, Cal Leeming [Simplicity Media Ltd] <
>>> cal.leeming@...plicitymedialtd.co.uk> wrote:
>>>
>>>> Sorry Dan, I did a very quick copy and paste job, without reading the
>>>> headers. I simply don't have time to read the code notes of every single
>>>> exploit released.
>>>>
>>>> I would say that, if you are fed up with being inundated with emails,
>>>> then perhaps you should mark these notes very clearly in big red
>>>> writing at the top of the email like this, for those people who don't
>>>> have much time to read these notes ;)
>>>>
>>>> On Mon, Dec 13, 2010 at 9:08 PM, <dan.j.rosenberg@...il.com> wrote:
>>>>
>>>>> Please don't inundate me with e-mail because none of you bothered to
>>>>> read the exploit header.
>>>>>
>>>>> The exploit so far has a 100% success rate on the systems it was
>>>>> designed to work on.
>>>>>
>>>>> I don't think this is rocket science. If your distribution does not
>>>>> compile Econet, then the exploit obviously won't be able to open an Econet
>>>>> socket. This includes Arch Linux, Gentoo, Fedora, Red Hat, CentOS,
>>>>> Slackware, and more. This doesn't mean you're not vulnerable, it just means
>>>>> this particular exploit won't work.
>>>>>
>>>>> If your distro doesn't export the relevant symbols (Debian), ditto
>>>>> above.
>>>>>
>>>>> If your distro has patched the Econet vulnerabilities I used to trigger
>>>>> this (Ubuntu), ditto above.
>>>>>
>>>>> This was done on purpose, to avoid giving a weaponized exploit to
>>>>> people who shouldn't have one.
>>>>>
>>>>> -Dan
>>>>>
>>>>>
>>>>> Sent from my Verizon Wireless BlackBerry
>>>>>
>>>>> -----Original Message-----
>>>>> From: "Cal Leeming [Simplicity Media Ltd]"
>>>>> <cal.leeming@...plicitymedialtd.co.uk>
>>>>> Sender: full-disclosure-bounces@...ts.grok.org.uk
>>>>> Date: Mon, 13 Dec 2010 20:40:45
>>>>> To: Ariel Biener<ariel@...t.tau.ac.il>
>>>>> Cc: <leandro_lista@...tari.com.br>; <firebits@...ktrack.com.br>; <
>>>>> bugtraq@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
>>>>> Subject: Re: [Full-disclosure] Linux kernel exploit
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Cal Leeming
>>>>
>>>> Operational Security & Support Team
>>>>
>>>> *Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
>>>> support@...plicitymedialtd.co.uk
>>>> *Fax: *+44 (02476) 578987 | *Email: *
>>>> cal.leeming@...plicitymedialtd.co.uk
>>>> *IM: *AIM / ICQ / MSN / Skype (available upon request)
>>>> Simplicity Media Ltd. All rights reserved.
>>>> Registered company number 7143564
>>>>
>>>>
>>>
>>>
>>
>
--
Cal Leeming
Operational Security & Support Team
*Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
support@...plicitymedialtd.co.uk
*Fax: *+44 (02476) 578987 | *Email: *cal.leeming@...plicitymedialtd.co.uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved.
Registered company number 7143564
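
Added example, not part of the original thread or of the exploit it discusses: a read-only audit of two of the conditions Dan lists in the quoted message (whether the kernel was built with Econet, and whether kernel symbol addresses are visible to the current user). It assumes the kernel config and the contents of `/proc/kallsyms` have already been read into strings; the function names and sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from any real host).
KCONFIG_SAMPLE = """\
CONFIG_NET=y
CONFIG_ECONET=m
CONFIG_ECONET_AUNUDP=y
"""
KCONFIG_NO_ECONET = "CONFIG_NET=y\n# CONFIG_ECONET is not set\n"
KALLSYMS_VISIBLE = "ffffffff81000000 T _text\nffffffff8105c2a0 T do_exit\n"
KALLSYMS_HIDDEN = "0000000000000000 T _text\n0000000000000000 T do_exit\n"


def econet_build_state(kconfig_text):
    """Return 'builtin', 'module' or 'absent' for CONFIG_ECONET."""
    m = re.search(r"^CONFIG_ECONET=([ym])\s*$", kconfig_text, re.MULTILINE)
    if not m:
        return "absent"  # unset, commented out, or option not known to this kernel
    return "builtin" if m.group(1) == "y" else "module"


def symbol_addresses_visible(kallsyms_text):
    """True if any kallsyms line, as read by this user, has a non-zero address."""
    for line in kallsyms_text.splitlines():
        fields = line.split()  # format: <hex address> <type> <name> [module]
        if len(fields) >= 3 and re.fullmatch(r"[0-9a-fA-F]+", fields[0]):
            if int(fields[0], 16) != 0:
                return True
    return False


def assess(kconfig_text, kallsyms_text):
    """Report the two conditions that can be checked from local files."""
    econet = econet_build_state(kconfig_text)
    visible = symbol_addresses_visible(kallsyms_text)
    return {
        "econet": econet,
        "symbol_addresses_visible": visible,
        # Patch level is not covered here and must be checked separately.
        "prerequisites_present": econet != "absent" and visible,
    }


if __name__ == "__main__":
    print(assess(KCONFIG_SAMPLE, KALLSYMS_VISIBLE))
    print(assess(KCONFIG_NO_ECONET, KALLSYMS_VISIBLE))
    print(assess(KCONFIG_SAMPLE, KALLSYMS_HIDDEN))
```

A negative result only says that the prerequisites of this particular exploit are missing; as the quoted message puts it, that does not mean the kernel is not vulnerable.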