lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8mT79UQ0-74zoD8VGKYG7Vcy4Bt_b3=x6EAnOGGaX_YKg@mail.gmail.com> Date: Sun, 22 Jan 2012 22:53:26 -0500 From: Jeffrey Walton <noloader@...il.com> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Linux Local Root -- CVE-2012-0056 -- Detailed Write-up Good point about [lack of] compiler and linker hardening on the `su` binary (and probably many others). Perhaps distributions should run Checksec (http://www.trapkit.de/tools/checksec.html) on their binaries. On Sun, Jan 22, 2012 at 6:25 PM, Jason A. Donenfeld <Jason@...c4.com> wrote: > Server presently DoS'd, or dreamhost is tweaking again. > > Cache link: > > http://webcache.googleusercontent.com/search?hl=en&safe=off&biw=1009&bih=687&sclient=psy-ab&q=cache%3Ahttp%3A%2F%2Fblog.zx2c4.com%2F749&pbx=1&oq=cache%3Ahttp%3A%2F%2Fblog.zx2c4.com%2F749&aq=f&aqi=g4&aql=&gs_sm=e&gs_upl=1077l2167l0l2282l7l4l0l0l0l0l148l403l2.2l4l0 > > On Sun, Jan 22, 2012 at 19:19, Jason A. Donenfeld <Jason@...c4.com> wrote: >> >> Hey Everyone, >> >> I did a detailed write-up on exploiting CVE-2012-0056 that some of >> y'all might appreciate. Pretty fun bug to play with -- dup2ing all >> over the place for the prize of getting to write arbitrary process >> memory into su :-). >> >> The write up is available on my blog here: http://blog.zx2c4.com/749 . Enjoy. >> >> Jason _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists