Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux kernel exploit

From: Rem7ter <rem7ter () gmail com>
Date: Tue, 7 Dec 2010 22:09:38 -0800
Why gcc exp.c -o exp alert "Error: too many Argument"?  I test it in Linux
2.6.X.

2010/12/7 coderman <coderman () gmail com>


On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
<dan.j.rosenberg () gmail com> wrote:

... I've included here a proof-of-concept local privilege escalation

exploit...

 * This exploit leverages three vulnerabilities to get root, all of which

were

 * discovered by Nelson Elhage:
...
 * However, the important issue, CVE-2010-4258, affects everyone, and it

would

 * be trivial to find an unpatched DoS under KERNEL_DS and write a

slightly

 * more sophisticated version of this...


nice :)

clearly demonstrates why risk is complicated and seemingly minor
defects (worth delaying patches for weeks/months? ;) can combine into
truly ugly vulnerabilities...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: