lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <52C08AD4.9020209@halfdog.net> Date: Sun, 29 Dec 2013 20:49:24 +0000 From: halfdog <me@...fdog.net> To: full-disclosure@...ts.grok.org.uk Subject: Re: vm86 syscall kernel-panic and some more goodies waiting to be analyzed -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 halfdog wrote: > It seems that at least on 32-bit Debian-sid kernel in VirtualBox > guest, [1] triggers a kernel-panic. This simple POC does not allow > privilege escalation although there might be also some time-race > component involved, sometimes similar code seems to access > uninitialized memory or triggers NULL-dereferences. Therefore the > simple POC code could be extended for more extensive testing. See > [2] for more information. > > hd I've created [1] to ease discovery of new problematic code combinations. Good use is to run it with e.g. socat TCP4-LISTEN:1234,reuseaddr=1,fork=1 EXEC:./Virtual86RandomCode,nofork=1 And send random data via network: tee TestInput < /dev/urandom | socat - TCP4:x.x.x.x:1234 > ProcessedBlocks And watch your console or dmesg output (when your kernel did not lock up completely) hd [1] http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/Virtual86RandomCode.c - -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlLAiroACgkQxFmThv7tq+58dACggUEhW1toL8/9UnZkcEXZ+Ukk yvUAnjFTETZf/nXr/96fbp8soRpUdJiv =mLVT -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists