Dailydave mailing list archives

Immunity Advisory: Solaris local kernel root

From: Sinan Eren <sinan.eren () immunitysec com>
Date: Tue, 23 Mar 2004 23:56:52 -0500 (EST)


*** Forwarding from Dave's BQ post (we seem to forget about posting DD)

Immunity Research has released an Advisory from the Vulnerability
Sharing Club into the public domain. This advisory can be found at
http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf

Technical Summary: There is a vulnerability in Solaris that allows
local users to load kernel modules without being root. This is handy
for getting around things like Argus Pitbull (if it still existed) or
Okena or Entercept or anything like that, or simply for just taking
root. An exploit for this was released as part of the Shellcoder's
Handbook.

There is a Solaris patch that appears to make this exploit ineffective.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479&zone_32=category%3Asecurity

Dave Aitel
Immunity, Inc.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Immunity Advisory: Solaris local kernel root Sinan Eren (Mar 23)
- <Possible follow-ups>
- Re: Immunity Advisory: Solaris local kernel root Dave Aitel (Mar 25)
  - Re: Re: Immunity Advisory: Solaris local kernel root the grugq (Mar 25)