On Tue, 22 Jul 2008 10:51:48 +0200, Lucio Crusca said: > tried looking for "2.6.24-1-686 exploit" and "2.6.24-1-686 poc" but I can't > find anything. Hint - try being a bit less restrictive in the version, and remember that usually, the posting either includes the release that the hole was introduced, or when it was fixed. See Brad Spengler's recent thread, which included this text: > To illustrate the point, in the 2.6.25.10 kernel, the following fix was > included with the commit message of: > Roland McGrath (1): > x86_64 ptrace: fix sys32_ptrace task_struct leak > The kernel was released with no mention of security vulnerabilities in > the announcement, only "assorted bugfixes". > Put simply, it only took about an hour or so to develop a PoC for this > exploitable vulnerability which affects 64bit x86_64 kernels since > January. Linus released 2.6.24 on Jan 24. Do the math. ;)
Attachment:
pgpLENHOvpb1i.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/