[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] linux procfs vulnerablity
- To: Karl Janmar <karl@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] linux procfs vulnerablity
- From: coderman <coderman@xxxxxxxxx>
- Date: Fri, 23 Dec 2005 10:57:57 -0800
On 12/23/05, Karl Janmar <karl@xxxxxxxxxxxxxxxxxxxx> wrote:
> ...
> I have found one flaw in Linux procfs code that make the kernel disclose
> memory.
i'd love to see you exploit this! rly!
> fs/proc/proc_misc.c:74
> ...
> if (len <= off+count) *eof = 1;
> ...
> off is a off_t and count is a int.
what arch? on intel assign a s32 to int? the sky is falling...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/