Penetration Testing mailing list archives
Re: Linux NULL pointer dereference
From: arpunk <arpunk () cyberdelic org>
Date: Sat, 22 Aug 2009 22:01:12 -0500
On Wed, Aug 19, 2009 at 7:42 AM, Camilo Uribe<camilo.uribe () gmail com> wrote:
On Mon, Aug 17, 2009 at 2:06 PM, Ben Greenfield<bcg () struxural com> wrote:Now, back to some real pen-test stuff.... Anyone had a chance to leverage the recent Linux NULL pointer dereference bug in proto_ops in an engagement?I have not yet had the chance to use this in an engagement, but I feel like this is one that's going to be around for a _long time_ because of how many different versions are affected. Also, I've done some testing with this vulnerability, and haven't been able to get it working against Ubuntu Jaunty 9.04 on an AMD64. My understanding is that all architectures are vulnerable... has anyone had any success against AMD64 with this? On all the x86 platforms I've tested it against (Ubuntu 8.04 LTS x86, Debian 5 x86, Xen virtualized 2.6 linux x86) it worked as expected and resulted in local privilege escalation to root.The USN(Ubuntu Security Notice) http://www.ubuntu.com/usn/usn-819-1 says: "By default, Ubuntu 8.04 and later with a non-zero /proc/sys/vm/mmap_min_addr setting were not vulnerable"
Funny... we just owned one in Casa del Bosque today ;) -- No matter where you go, everyone's connected. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Linux NULL pointer dereference Ben Greenfield (Aug 17)
- Re: Linux NULL pointer dereference Camilo Uribe (Aug 19)
- Re: Linux NULL pointer dereference arpunk (Aug 24)
- Re: Linux NULL pointer dereference Camilo Uribe (Aug 19)