[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Linux kernel exploit
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Linux kernel exploit
- From: Thomas SOETE <thomas@xxxxxxxxx>
- Date: Tue, 7 Dec 2010 22:40:50 +0100
Failed on Ubuntu 10.10 (2.6.35-23-generic)
toms@bifrost:/tmp$ uname -a
Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
2010 x86_64 GNU/Linux
toms@bifrost:/tmp$ ./a.out
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xffffffffa03d9610
[+] Resolved econet_ops to 0xffffffffa03d9720
[+] Resolved commit_creds to 0xffffffff810863c0
[+] Resolved prepare_kernel_cred to 0xffffffff81086890
[*] Calculating target...
[*] Triggering payload...
[*] Exploit failed to get root.
2010/12/7 coderman <coderman@xxxxxxxxx>:
> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
> <dan.j.rosenberg@xxxxxxxxx> wrote:
>> ... I've included here a proof-of-concept local privilege escalation
>> exploit...
>> * This exploit leverages three vulnerabilities to get root, all of which
>> were
>> * discovered by Nelson Elhage:
>>...
>> * However, the important issue, CVE-2010-4258, affects everyone, and it
>> would
>> * be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
>> * more sophisticated version of this...
>
> nice :)
>
> clearly demonstrates why risk is complicated and seemingly minor
> defects (worth delaying patches for weeks/months? ;) can combine into
> truly ugly vulnerabilities...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/