Dailydave mailing list archives

linux_pppolt2p privilege escalation


From: Alex McGeorge <alexm () immunityinc com>
Date: Wed, 27 Aug 2014 13:45:20 -0400

Hello to you DD list, 

The American poet Busta Rhymes wrote "you best come correct", words we
try to live by at Immunity and I believe our latest CANVAS measures up
to that principle. Immunity's Linux exploit team has released an exploit
for CVE-2014-4943 with CANVAS v6.95. The exploit currently targets 32-bit,
and x86_64 support is in the works. What's interesting about this bug is
that it goes all the way back to the 3.0 Linux kernel. Which, if you're
playing at home, has seen quite a few releases since.

Linux kernel security is improving, the environment is changing and as a
consequence how you exploit the bug also changes. Some techniques may be
available in a subset of kernels but not another. This means you need to
be on top of your recon game as a penetration tester. The Linux team has
made the exploit as reliable and universal as possible and it certainly
is both of those things, but it still requires some sophistication to
wield appropriately.

We made a video explaining some of the recon suggested and using the
exploit in action here: https://vimeo.com/104520979

Cheers,
-AlexM
