Dailydave mailing list archives
Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
From: spender () grsecurity net (Brad Spengler)
Date: Thu, 16 Jul 2009 20:57:36 -0400
Title says it all, exploit is at: http://grsecurity.net/~spender/cheddar_bay.tgz Everything is described and explained in the exploit.c file. I exploit a bug that by looking at the source is unexploitable; I defeat the null ptr dereference protection in the kernel on both systems with SELinux and those without. I proceed to disable SELinux/AppArmor/LSM/auditing Exploit works on both 32bit and 64bit kernels. Links to videos of the exploit in action are present in the exploit code. Greets to vendor-sec, -Brad
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Brad Spengler (Jul 17)
- As-if Infinitely Ranged Integer Model Robert Seacord (Jul 22)