Dailydave mailing list archives

Re: Remote kernel bug in SCTP?

From: Gabriel Campana <gabriel.campana () security-labs org>
Date: Mon, 16 Mar 2009 19:41:34 +0100

Actually, the slab allocator has been replaced by the slub, but in both
cases exploitation remains the same.
Thanks for pointing out the error.

Regards,
Gabriel Campana

Fionnbharr a écrit :

The french article talks about slab exploitation with a nod to
qobaiashi's paper but slub became the default allocator 2.6.22 (I
think). The bug existed between "2.6.24-rc1 through 2.6.26.3".

2009/3/14 Nicolas RUFF <nruff () security-labs org>:

Did everyone else already know about this bug? So you connect to an SCTP
endpoint, then send a packet to overwrite arbitrary kernel data? That'd
be cool.

If you can read French (and I know some people in your team does ;), you
will find more information about this bug here:

http://esec.fr.sogeti.com/blog/index.php?2009/01/08/48-correction-silencieuse-d-une-vulnerabilite-dans-le-noyau-linux

Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Remote kernel bug in SCTP? dave (Mar 13)
- Re: Remote kernel bug in SCTP? Nicolas RUFF (Mar 14)
  - Re: Remote kernel bug in SCTP? Dragos Ruiu (Mar 14)
  - Re: Remote kernel bug in SCTP? Fionnbharr (Mar 15)
    - Re: Remote kernel bug in SCTP? Gabriel Campana (Mar 16)
    - Re: Remote kernel bug in SCTP? Nicolas RUFF (Mar 16)